[OE-core] [meta-oe,v2] kernel-fitimage: introduce FIT_HASH_ALG

Luca Boccassi luca.boccassi at gmail.com
Tue Jun 18 08:25:47 UTC 2019 

On Thu, 2017-11-02 at 16:48 +0100, Ayoub Zaki wrote:
> sanitize fitImage hash algorithm selection with FIT_HASH_ALG
> switch default hash algorithm from sha1 to sha256
> 
> Signed-off-by: Ayoub Zaki <
> ayoub.zaki at embexus.com
> >
> Acked-by: Denys Dmytriyenko <
> denys at ti.com
> >
> ---
>  meta/classes/kernel-fitimage.bbclass | 13 ++++++++-----
>  1 file changed, 8 insertions(+), 5 deletions(-)
> 
> diff --git a/meta/classes/kernel-fitimage.bbclass
> b/meta/classes/kernel-fitimage.bbclass
> index 179185b..3cc3a33 100644
> --- a/meta/classes/kernel-fitimage.bbclass
> +++ b/meta/classes/kernel-fitimage.bbclass
> @@ -36,6 +36,9 @@ python __anonymous () {
>  # Options for the device tree compiler passed to mkimage '-D'
> feature:
>  UBOOT_MKIMAGE_DTCOPTS ??= ""
>  
> +# fitImage Hash Algo
> +FIT_HASH_ALG ?= "sha256"
> +
>  #
>  # Emit the fitImage ITS header
>  #
> @@ -95,7 +98,7 @@ EOF
>  # $4 ... Compression type
>  fitimage_emit_section_kernel() {
>  
> -	kernel_csum="sha1"
> +	kernel_csum="${FIT_HASH_ALG}"
>  
>  	ENTRYPOINT=${UBOOT_ENTRYPOINT}
>  	if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
> @@ -128,7 +131,7 @@ EOF
>  # $3 ... Path to DTB image
>  fitimage_emit_section_dtb() {
>  
> -	dtb_csum="sha1"
> +	dtb_csum="${FIT_HASH_ALG}"
>  
>  	cat << EOF >> ${1}
>                  fdt@${2} {
> @@ -152,7 +155,7 @@ EOF
>  # $3 ... Path to setup image
>  fitimage_emit_section_setup() {
>  
> -	setup_csum="sha1"
> +	setup_csum="${FIT_HASH_ALG}"
>  
>  	cat << EOF >> ${1}
>                  setup@${2} {
> @@ -179,7 +182,7 @@ EOF
>  # $3 ... Path to ramdisk image
>  fitimage_emit_section_ramdisk() {
>  
> -	ramdisk_csum="sha1"
> +	ramdisk_csum="${FIT_HASH_ALG}"
>  	ramdisk_ctype="none"
>  	ramdisk_loadline=""
>  	ramdisk_entryline=""
> @@ -237,7 +240,7 @@ EOF
>  # $6 ... default flag
>  fitimage_emit_section_config() {
>  
> -	conf_csum="sha1"
> +	conf_csum="${FIT_HASH_ALG}"
>  	if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
>  		conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
>  	fi

Hi,

Any update on this patch? It was acked almost 2 years ago.

It would be great to have a way to change the hashsum algorithm when
building signed images.

Thanks!

-- 
Kind regards,
Luca Boccassi

More information about the Openembedded-core mailing list