Re: [PATCH v4 04/29] lib: Adapt digest header files to MbedTLS
On Tue, Jul 02, 2024 at 08:02:37PM -0400, Raymond Mao wrote: > Hi Tom, > > On Tue, 2 Jul 2024 at 18:48, Tom Rini wrote: > > > On Tue, Jul 02, 2024 at 11:22:40AM -0700, Raymond Mao wrote: > > > > > Adapt digest header files to support both original libs and MbedTLS > > > by switching on/off MBEDTLS_LIB_CRYPTO. > > > Introduce _LEGACY kconfig for legacy hash implementations. > > [snip] > > > diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig > > > index 3e9057f1acf..6662a9d20f1 100644 > > > --- a/lib/mbedtls/Kconfig > > > +++ b/lib/mbedtls/Kconfig > > > @@ -21,9 +21,105 @@ if LEGACY_CRYPTO > > > > > > config LEGACY_CRYPTO_BASIC > > > bool "legacy basic crypto libraries" > > > + select MD5_LEGACY if MD5 > > > + select SHA1_LEGACY if SHA1 > > > + select SHA256_LEGACY if SHA256 > > > + select SHA512_LEGACY if SHA512 > > > + select SHA384_LEGACY if SHA384 > > > + select SPL_MD5_LEGACY if MD5 && SPL > > > + select SPL_SHA1_LEGACY if SHA1 && SPL > > > + select SPL_SHA256_LEGACY if SHA256 && SPL > > > + select SPL_SHA512_LEGACY if SHA512 && SPL > > > + select SPL_SHA384_LEGACY if SHA384 && SPL > > > help > > > Enable legacy basic crypto libraries. > > > > > > +if LEGACY_CRYPTO_BASIC > > > + > > > +config SHA1_LEGACY > > > + bool "Enable SHA1 support with legacy crypto library" > > > + depends on LEGACY_CRYPTO_BASIC && SHA1 > > > + help > > > + This option enables support of hashing using SHA1 algorithm > > > + with legacy crypto library. > > > + > > > +config SHA256_LEGACY > > > + bool "Enable SHA256 support with legacy crypto library" > > > + depends on LEGACY_CRYPTO_BASIC && SHA256 > > > + help > > > + This option enables support of hashing using SHA256 algorithm > > > + with legacy crypto library. > > > + > > > +config SHA512_LEGACY > > > + bool "Enable SHA512 support with legacy crypto library" > > > + depends on LEGACY_CRYPTO_BASIC && SHA512 > > > + default y if TI_SECURE_DEVICE && FIT_SIGNATURE > > > + help > > > + This option enables support of hashing using SHA512 algorithm > > > + with legacy crypto library. > > > + > > > +config SHA384_LEGACY > > > + bool "Enable SHA384 support with legacy crypto library" > > > + depends on LEGACY_CRYPTO_BASIC && SHA384 > > > + select SHA512_LEGACY > > > + help > > > + This option enables support of hashing using SHA384 algorithm > > > + with legacy crypto library. > > > + > > > +config MD5_LEGACY > > > + bool "Enable MD5 support with legacy crypto library" > > > + depends on LEGACY_CRYPTO_BASIC && MD5 > > > + help > > > + This option enables support of hashing using MD5 algorithm > > > + with legacy crypto library. > > > + > > > +if SPL > > > + > > > +config SPL_SHA1_LEGACY > > > + bool "Enable SHA1 support in SPL with legacy crypto library" > > > + depends on LEGACY_CRYPTO_BASIC && SPL_SHA1 > > > + default y if SHA1 && LEGACY_CRYPTO_BASIC > > > + help > > > + This option enables support of hashing using SHA1 algorithm > > > + with legacy crypto library. > > > + > > > +config SPL_SHA256_LEGACY > > > + bool "Enable SHA256 support in SPL with legacy crypto library" > > > + depends on LEGACY_CRYPTO_BASIC && SPL_SHA256 > > > + default y if SHA256 && LEGACY_CRYPTO_BASIC > > > + help > > > + This option enables support of hashing using SHA256 algorithm > > > + with legacy crypto library. > > > + > > > +config SPL_SHA512_LEGACY > > > + bool "Enable SHA512 support in SPL with legacy crypto library" > > > + depends on LEGACY_CRYPTO_BASIC && SPL_SHA512 > > > + default y if SHA512 && LEGACY_CRYPTO_BASIC > > > + help > > > + This option enables support of hashing using SHA512 algorithm > > > + with legacy crypto library. > > > + > > > +config SPL_SHA384_LEGACY > > > + bool "Enable SHA384 support in SPL with legacy crypto library" > > > + depends on LEGACY_CRYPTO_BASIC && SPL_SHA384 > > > + default y if SHA384 && LEGACY_CRYPTO_BASIC > > > + select SPL_SHA512 > > > + help > > > + This option enables support of hashing using SHA384 algorithm > > > + with legacy crypto library. > > > + > > > +config SPL_MD5_LEGACY > > > + bool "Enable MD5 support in SPL with legacy crypto library" > > > + depends on LEGACY_CRYPTO_BASIC && SPL_MD5 > > > + default y if MD5 && LEGACY_CRYPTO_BASIC > > > + help > > > + This option enables support of hashing using MD5 algorithm > > > + with legacy crypto library. > > > + > > > +endif # SPL > > > + > > > +endif # LEGACY_CRYPTO_BASIC > > > + > > > config LEGACY_CRYPTO_CERT > > > bool "legacy certificate libraries" > > > help > > > > This is all certainly moving in the right direction, but there's > > dependency issues: > >aarch64: w+ xilinx_zynqmp_kria > > +(xilinx_zynqmp_kria) > > +(xilinx_zynqmp_kria)
Re: [PATCH v4 04/29] lib: Adapt digest header files to MbedTLS
Hi Tom, On Tue, 2 Jul 2024 at 18:48, Tom Rini wrote: > On Tue, Jul 02, 2024 at 11:22:40AM -0700, Raymond Mao wrote: > > > Adapt digest header files to support both original libs and MbedTLS > > by switching on/off MBEDTLS_LIB_CRYPTO. > > Introduce _LEGACY kconfig for legacy hash implementations. > [snip] > > diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig > > index 3e9057f1acf..6662a9d20f1 100644 > > --- a/lib/mbedtls/Kconfig > > +++ b/lib/mbedtls/Kconfig > > @@ -21,9 +21,105 @@ if LEGACY_CRYPTO > > > > config LEGACY_CRYPTO_BASIC > > bool "legacy basic crypto libraries" > > + select MD5_LEGACY if MD5 > > + select SHA1_LEGACY if SHA1 > > + select SHA256_LEGACY if SHA256 > > + select SHA512_LEGACY if SHA512 > > + select SHA384_LEGACY if SHA384 > > + select SPL_MD5_LEGACY if MD5 && SPL > > + select SPL_SHA1_LEGACY if SHA1 && SPL > > + select SPL_SHA256_LEGACY if SHA256 && SPL > > + select SPL_SHA512_LEGACY if SHA512 && SPL > > + select SPL_SHA384_LEGACY if SHA384 && SPL > > help > > Enable legacy basic crypto libraries. > > > > +if LEGACY_CRYPTO_BASIC > > + > > +config SHA1_LEGACY > > + bool "Enable SHA1 support with legacy crypto library" > > + depends on LEGACY_CRYPTO_BASIC && SHA1 > > + help > > + This option enables support of hashing using SHA1 algorithm > > + with legacy crypto library. > > + > > +config SHA256_LEGACY > > + bool "Enable SHA256 support with legacy crypto library" > > + depends on LEGACY_CRYPTO_BASIC && SHA256 > > + help > > + This option enables support of hashing using SHA256 algorithm > > + with legacy crypto library. > > + > > +config SHA512_LEGACY > > + bool "Enable SHA512 support with legacy crypto library" > > + depends on LEGACY_CRYPTO_BASIC && SHA512 > > + default y if TI_SECURE_DEVICE && FIT_SIGNATURE > > + help > > + This option enables support of hashing using SHA512 algorithm > > + with legacy crypto library. > > + > > +config SHA384_LEGACY > > + bool "Enable SHA384 support with legacy crypto library" > > + depends on LEGACY_CRYPTO_BASIC && SHA384 > > + select SHA512_LEGACY > > + help > > + This option enables support of hashing using SHA384 algorithm > > + with legacy crypto library. > > + > > +config MD5_LEGACY > > + bool "Enable MD5 support with legacy crypto library" > > + depends on LEGACY_CRYPTO_BASIC && MD5 > > + help > > + This option enables support of hashing using MD5 algorithm > > + with legacy crypto library. > > + > > +if SPL > > + > > +config SPL_SHA1_LEGACY > > + bool "Enable SHA1 support in SPL with legacy crypto library" > > + depends on LEGACY_CRYPTO_BASIC && SPL_SHA1 > > + default y if SHA1 && LEGACY_CRYPTO_BASIC > > + help > > + This option enables support of hashing using SHA1 algorithm > > + with legacy crypto library. > > + > > +config SPL_SHA256_LEGACY > > + bool "Enable SHA256 support in SPL with legacy crypto library" > > + depends on LEGACY_CRYPTO_BASIC && SPL_SHA256 > > + default y if SHA256 && LEGACY_CRYPTO_BASIC > > + help > > + This option enables support of hashing using SHA256 algorithm > > + with legacy crypto library. > > + > > +config SPL_SHA512_LEGACY > > + bool "Enable SHA512 support in SPL with legacy crypto library" > > + depends on LEGACY_CRYPTO_BASIC && SPL_SHA512 > > + default y if SHA512 && LEGACY_CRYPTO_BASIC > > + help > > + This option enables support of hashing using SHA512 algorithm > > + with legacy crypto library. > > + > > +config SPL_SHA384_LEGACY > > + bool "Enable SHA384 support in SPL with legacy crypto library" > > + depends on LEGACY_CRYPTO_BASIC && SPL_SHA384 > > + default y if SHA384 && LEGACY_CRYPTO_BASIC > > + select SPL_SHA512 > > + help > > + This option enables support of hashing using SHA384 algorithm > > + with legacy crypto library. > > + > > +config SPL_MD5_LEGACY > > + bool "Enable MD5 support in SPL with legacy crypto library" > > + depends on LEGACY_CRYPTO_BASIC && SPL_MD5 > > + default y if MD5 && LEGACY_CRYPTO_BASIC > > + help > > + This option enables support of hashing using MD5 algorithm > > + with legacy crypto library. > > + > > +endif # SPL > > + > > +endif # LEGACY_CRYPTO_BASIC > > + > > config LEGACY_CRYPTO_CERT > > bool "legacy certificate libraries" > > help > > This is all certainly moving in the right direction, but there's > dependency issues: >aarch64: w+ xilinx_zynqmp_kria > +(xilinx_zynqmp_kria) > +(xilinx_zynqmp_kria) WARNING: unmet direct dependencies detected for > SPL_MD5_LEGACY > +(xilinx_zynqmp_kria) Depends on [n]: LEGACY_CRYPTO [=y] && SPL [=y] && > LEGACY_CRYPTO_BASIC [=y] && SPL_MD5 [=n] > +(xilinx_zynqmp_kria) Selected by [y]: > +(xilinx_zynqmp_kria) - LEGACY_CRYPTO_BASIC [=y] && LEGACY_CRYPTO [=y] > && MD5 [=y]
Re: [PATCH v4 04/29] lib: Adapt digest header files to MbedTLS
On Tue, Jul 02, 2024 at 11:22:40AM -0700, Raymond Mao wrote: > Adapt digest header files to support both original libs and MbedTLS > by switching on/off MBEDTLS_LIB_CRYPTO. > Introduce _LEGACY kconfig for legacy hash implementations. [snip] > diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig > index 3e9057f1acf..6662a9d20f1 100644 > --- a/lib/mbedtls/Kconfig > +++ b/lib/mbedtls/Kconfig > @@ -21,9 +21,105 @@ if LEGACY_CRYPTO > > config LEGACY_CRYPTO_BASIC > bool "legacy basic crypto libraries" > + select MD5_LEGACY if MD5 > + select SHA1_LEGACY if SHA1 > + select SHA256_LEGACY if SHA256 > + select SHA512_LEGACY if SHA512 > + select SHA384_LEGACY if SHA384 > + select SPL_MD5_LEGACY if MD5 && SPL > + select SPL_SHA1_LEGACY if SHA1 && SPL > + select SPL_SHA256_LEGACY if SHA256 && SPL > + select SPL_SHA512_LEGACY if SHA512 && SPL > + select SPL_SHA384_LEGACY if SHA384 && SPL > help > Enable legacy basic crypto libraries. > > +if LEGACY_CRYPTO_BASIC > + > +config SHA1_LEGACY > + bool "Enable SHA1 support with legacy crypto library" > + depends on LEGACY_CRYPTO_BASIC && SHA1 > + help > + This option enables support of hashing using SHA1 algorithm > + with legacy crypto library. > + > +config SHA256_LEGACY > + bool "Enable SHA256 support with legacy crypto library" > + depends on LEGACY_CRYPTO_BASIC && SHA256 > + help > + This option enables support of hashing using SHA256 algorithm > + with legacy crypto library. > + > +config SHA512_LEGACY > + bool "Enable SHA512 support with legacy crypto library" > + depends on LEGACY_CRYPTO_BASIC && SHA512 > + default y if TI_SECURE_DEVICE && FIT_SIGNATURE > + help > + This option enables support of hashing using SHA512 algorithm > + with legacy crypto library. > + > +config SHA384_LEGACY > + bool "Enable SHA384 support with legacy crypto library" > + depends on LEGACY_CRYPTO_BASIC && SHA384 > + select SHA512_LEGACY > + help > + This option enables support of hashing using SHA384 algorithm > + with legacy crypto library. > + > +config MD5_LEGACY > + bool "Enable MD5 support with legacy crypto library" > + depends on LEGACY_CRYPTO_BASIC && MD5 > + help > + This option enables support of hashing using MD5 algorithm > + with legacy crypto library. > + > +if SPL > + > +config SPL_SHA1_LEGACY > + bool "Enable SHA1 support in SPL with legacy crypto library" > + depends on LEGACY_CRYPTO_BASIC && SPL_SHA1 > + default y if SHA1 && LEGACY_CRYPTO_BASIC > + help > + This option enables support of hashing using SHA1 algorithm > + with legacy crypto library. > + > +config SPL_SHA256_LEGACY > + bool "Enable SHA256 support in SPL with legacy crypto library" > + depends on LEGACY_CRYPTO_BASIC && SPL_SHA256 > + default y if SHA256 && LEGACY_CRYPTO_BASIC > + help > + This option enables support of hashing using SHA256 algorithm > + with legacy crypto library. > + > +config SPL_SHA512_LEGACY > + bool "Enable SHA512 support in SPL with legacy crypto library" > + depends on LEGACY_CRYPTO_BASIC && SPL_SHA512 > + default y if SHA512 && LEGACY_CRYPTO_BASIC > + help > + This option enables support of hashing using SHA512 algorithm > + with legacy crypto library. > + > +config SPL_SHA384_LEGACY > + bool "Enable SHA384 support in SPL with legacy crypto library" > + depends on LEGACY_CRYPTO_BASIC && SPL_SHA384 > + default y if SHA384 && LEGACY_CRYPTO_BASIC > + select SPL_SHA512 > + help > + This option enables support of hashing using SHA384 algorithm > + with legacy crypto library. > + > +config SPL_MD5_LEGACY > + bool "Enable MD5 support in SPL with legacy crypto library" > + depends on LEGACY_CRYPTO_BASIC && SPL_MD5 > + default y if MD5 && LEGACY_CRYPTO_BASIC > + help > + This option enables support of hashing using MD5 algorithm > + with legacy crypto library. > + > +endif # SPL > + > +endif # LEGACY_CRYPTO_BASIC > + > config LEGACY_CRYPTO_CERT > bool "legacy certificate libraries" > help This is all certainly moving in the right direction, but there's dependency issues: aarch64: w+ xilinx_zynqmp_kria +(xilinx_zynqmp_kria) +(xilinx_zynqmp_kria) WARNING: unmet direct dependencies detected for SPL_MD5_LEGACY +(xilinx_zynqmp_kria) Depends on [n]: LEGACY_CRYPTO [=y] && SPL [=y] && LEGACY_CRYPTO_BASIC [=y] && SPL_MD5 [=n] +(xilinx_zynqmp_kria) Selected by [y]: +(xilinx_zynqmp_kria) - LEGACY_CRYPTO_BASIC [=y] && LEGACY_CRYPTO [=y] && MD5 [=y] && SPL [=y] Annoyingly I was not able to previously figure out how to make such problems a fatal error, but if you look at the output from each of the world build CI steps you'll see a lot of hits for "WARNING: unmet direct dependencies" and that'll help you track down which are where and what to do