[OE-core] [meta-oe,v2] kernel-fitimage: introduce FIT_HASH_ALG

Richard Purdie richard.purdie at linuxfoundation.org
Tue Jun 18 16:11:14 UTC 2019


On Tue, 2019-06-18 at 08:53 -0700, Khem Raj wrote:
> On Tue, Jun 18, 2019 at 1:26 AM Luca Boccassi <
> luca.boccassi at gmail.com> wrote:
> > On Thu, 2017-11-02 at 16:48 +0100, Ayoub Zaki wrote:
> > > sanitize fitImage hash algorithm selection with FIT_HASH_ALG
> > > switch default hash algorithm from sha1 to sha256
> > > 
> > > Signed-off-by: Ayoub Zaki <
> > > ayoub.zaki at embexus.com
> > > Acked-by: Denys Dmytriyenko <
> > > denys at ti.com
> > > ---
> > >  meta/classes/kernel-fitimage.bbclass | 13 ++++++++-----
> > >  1 file changed, 8 insertions(+), 5 deletions(-)
> > > 
> > > diff --git a/meta/classes/kernel-fitimage.bbclass
> > > b/meta/classes/kernel-fitimage.bbclass
> > > index 179185b..3cc3a33 100644
> > > --- a/meta/classes/kernel-fitimage.bbclass
> > > +++ b/meta/classes/kernel-fitimage.bbclass
> > > @@ -36,6 +36,9 @@ python __anonymous () {
> > >  # Options for the device tree compiler passed to mkimage '-D'
> > > feature:
> > >  UBOOT_MKIMAGE_DTCOPTS ??= ""
> > > 
> > > +# fitImage Hash Algo
> > > +FIT_HASH_ALG ?= "sha256"
> > > +
> > >  #
> > >  # Emit the fitImage ITS header
> > >  #
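Review bot: FIT_HASH_ALG is introduced here with `?=` and nothing in this hunk checks its value, although the commit message says the selection is sanitized. An empty or misspelled setting would pass through to the emitted sections unchecked. Consider rejecting unexpected values in the python __anonymous () block named in the hunk header, and expand the "fitImage Hash Algo" comment to say which values are accepted. The neighbouring UBOOT_MKIMAGE_DTCOPTS uses `??=`, so the choice of default operator should be deliberate.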
> > > @@ -95,7 +98,7 @@ EOF
> > >  # $4 ... Compression type
> > >  fitimage_emit_section_kernel() {
> > > 
> > > -     kernel_csum="sha1"
> > > +     kernel_csum="${FIT_HASH_ALG}"
> > > 
> > >       ENTRYPOINT=${UBOOT_ENTRYPOINT}
> > >       if [ -n "${UBOOT_ENTRYSYMBOL}" ]; then
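Review bot: kernel_csum is now a plain alias for ${FIT_HASH_ALG}, and the same one-line substitution repeats in the dtb, setup, ramdisk and config emitters below. Either reference ${FIT_HASH_ALG} directly or keep the locals only if per-section overrides are planned. As written, every section is forced to the same algorithm, which is worth a line in the variable's comment.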
> > > @@ -128,7 +131,7 @@ EOF
> > >  # $3 ... Path to DTB image
> > >  fitimage_emit_section_dtb() {
> > > 
> > > -     dtb_csum="sha1"
> > > +     dtb_csum="${FIT_HASH_ALG}"
> > > 
> > >       cat << EOF >> ${1}
> > >                  fdt@${2} {
> > > @@ -152,7 +155,7 @@ EOF
> > >  # $3 ... Path to setup image
> > >  fitimage_emit_section_setup() {
> > > 
> > > -     setup_csum="sha1"
> > > +     setup_csum="${FIT_HASH_ALG}"
> > > 
> > >       cat << EOF >> ${1}
> > >                  setup@${2} {
> > > @@ -179,7 +182,7 @@ EOF
> > >  # $3 ... Path to ramdisk image
> > >  fitimage_emit_section_ramdisk() {
> > > 
> > > -     ramdisk_csum="sha1"
> > > +     ramdisk_csum="${FIT_HASH_ALG}"
> > >       ramdisk_ctype="none"
> > >       ramdisk_loadline=""
> > >       ramdisk_entryline=""
> > > @@ -237,7 +240,7 @@ EOF
> > >  # $6 ... default flag
> > >  fitimage_emit_section_config() {
> > > 
> > > -     conf_csum="sha1"
> > > +     conf_csum="${FIT_HASH_ALG}"
> > >       if [ -n "${UBOOT_SIGN_ENABLE}" ] ; then
> > >               conf_sign_keyname="${UBOOT_SIGN_KEYNAME}"
> > >       fi
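Review bot: conf_csum is set directly above the UBOOT_SIGN_ENABLE branch, so the switch from sha1 to sha256 also changes the default for configurations built with signing enabled, not only for the per-image hashes. The commit message mentions the new default but not this effect on signed builds. State it there, and note that anyone who needs the previous behaviour has to set FIT_HASH_ALG = "sha1" explicitly.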
> > 
> > Hi,
> > 
> > Any update on this patch? It was acked almost 2 years ago.
> > 
> > It would be great to have a way to change the hashsum algorithm
> > when
> > building signed images.
> > 
> 
> I agree, but it would be good to resend this patch on top of current
> master

I managed to apply it to master so it's in testing now.

My concerns about the lack of tests for this class are the main reason
patches here get held up.

Cheers,

Richard


