[OE-core] [meta-oe,v2] kernel-fitimage: introduce FIT_HASH_ALG
Luca Boccassi
luca.boccassi at gmail.com
Tue Jun 18 08:25:47 UTC 2019
On Thu, 2017-11-02 at 16:48 +0100, Ayoub Zaki wrote:
> sanitize fitImage hash algorithm selection with FIT_HASH_ALG
> switch default hash algorithm from sha1 to sha256
>
> Signed-off-by: Ayoub Zaki <
> ayoub.zaki at embexus.com
> >
> Acked-by: Denys Dmytriyenko <
> denys at ti.com
> >
> ---
> meta/classes/kernel-fitimage.bbclass | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/meta/classes/kernel-fitimage.bbclass
> b/meta/classes/kernel-fitimage.bbclass
> index 179185b..3cc3a33 100644
> --- a/meta/classes/kernel-fitimage.bbclass
> +++ b/meta/classes/kernel-fitimage.bbclass
> @@ -36,6 +36,9 @@ python __anonymous () {
> # Options for the device tree compiler passed to mkimage '-D'
> feature:
> UBOOT_MKIMAGE_DTCOPTS ??= ""
>
> +# fitImage Hash Algo
> +FIT_HASH_ALG ?= "sha256"
> +
> #
> # Emit the fitImage ITS header
> #
> @@ -95,7 +98,7 @@ EOF
> # $4 ... Compression type
> fitimage_emit_section_kernel() {
>
> - kernel_csum="sha1"
> + kernel_csum="${FIT_HASH_ALG}"
>
> ENTRYPOINT=${UBOOT_ENTRYPOINT}
> if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
> @@ -128,7 +131,7 @@ EOF
> # $3 ... Path to DTB image
> fitimage_emit_section_dtb() {
>
> - dtb_csum="sha1"
> + dtb_csum="${FIT_HASH_ALG}"
>
> cat << EOF >> ${1}
> fdt@${2} {
> @@ -152,7 +155,7 @@ EOF
> # $3 ... Path to setup image
> fitimage_emit_section_setup() {
>
> - setup_csum="sha1"
> + setup_csum="${FIT_HASH_ALG}"
>
> cat << EOF >> ${1}
> setup@${2} {
> @@ -179,7 +182,7 @@ EOF
> # $3 ... Path to ramdisk image
> fitimage_emit_section_ramdisk() {
>
> - ramdisk_csum="sha1"
> + ramdisk_csum="${FIT_HASH_ALG}"
> ramdisk_ctype="none"
> ramdisk_loadline=""
> ramdisk_entryline=""
> @@ -237,7 +240,7 @@ EOF
> # $6 ... default flag
> fitimage_emit_section_config() {
>
> - conf_csum="sha1"
> + conf_csum="${FIT_HASH_ALG}"
> if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
> conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
> fi
Hi,
Any update on this patch? It was acked almost 2 years ago.
It would be great to have a way to change the hashsum algorithm when
building signed images.
Thanks!
--
Kind regards,
Luca Boccassi
More information about the Openembedded-core
mailing list