Hi Simon,

On Fri, 21 Jun 2024 at 02:06, Simon Glass <s...@chromium.org> wrote:
>
> It does not make sense to enable all SHA algorithms unless they are
> needed. It bloats the code and in this case, causes chromebook_link to
> fail to build. That board does use the TPM, but not with measured boot,
> nor EFI.
>
> Since EFI_TCG2_PROTOCOL already selects these options, we just need to
> add them to MEASURED_BOOT as well.
>
> Note that the original commit combines refactoring and new features,
> which makes it hard to see what is going on.
>
> Fixes: 97707f12fda tpm: Support boot measurements
> Reviewed-by: Heinrich Schuchardt <xypron.g...@gmx.de>
> Signed-off-by: Simon Glass <s...@chromium.org>
> ---
>
> (no changes since v2)

There was a discussion in the previous version, about enabling these on CMD_TPM as they are required.

Thanks
/Ilias

>
> Changes in v2:
> - Put the conditions under EFI_TCG2_PROTOCOL
> - Consider MEASURED_BOOT too
>
> boot/Kconfig | 4 ++++
> lib/Kconfig | 4 ----
> 2 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/boot/Kconfig b/boot/Kconfig > index 6f3096c15a6..b061891e109 100644 > --- a/boot/Kconfig > +++ b/boot/Kconfig > @@ -734,6 +734,10 @@ config LEGACY_IMAGE_FORMAT > config MEASURED_BOOT > bool "Measure boot images and configuration when booting without EFI" > depends on HASH && TPM_V2 > + select SHA1 > + select SHA256 > + select SHA384 > + select SHA512 > help > This option enables measurement of the boot process when booting > without UEFI . Measurement involves creating cryptographic hashes > diff --git a/lib/Kconfig b/lib/Kconfig > index 189e6eb31aa..568892fce44 100644 > --- a/lib/Kconfig > +++ b/lib/Kconfig > @@ -438,10 +438,6 @@ config TPM > bool "Trusted Platform Module (TPM) Support" > depends on DM > imply DM_RNG > - select SHA1 > - select SHA256 > - select SHA384 > - select SHA512 > help > This enables support for TPMs which can be used to provide security > features for your board. The TPM can be connected via LPC or I2C > -- > 2.34.1 >
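
Review bot: In the boot/Kconfig hunk, the four `select SHA1` / `select SHA256` / `select SHA384` / `select SHA512` lines added under `config MEASURED_BOOT` repeat the list that, per the commit message, EFI_TCG2_PROTOCOL already carries, so two copies now have to be kept in sync. Consider a promptless helper symbol that selects the four digests and have both options select that one symbol. The help text visible in the context lines also does not say that enabling measured boot pulls in all four hash implementations, which is worth a sentence given that code size is the motivation for the change.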
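
Review bot: In the lib/Kconfig hunk, removing the four selects from `config TPM` leaves every TPM user other than MEASURED_BOOT and EFI_TCG2_PROTOCOL without a guaranteed SHA implementation, and the diffstat shows only boot/Kconfig and lib/Kconfig touched, so CMD_TPM, raised in the reply above as requiring them, gets no select of its own. Either add the needed selects to CMD_TPM in this patch or explain in the commit message why it builds and works without them, and build-test a configuration with TPM and CMD_TPM enabled while MEASURED_BOOT and EFI_TCG2_PROTOCOL are disabled.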