Hi Tom

On Wed, 4 Sept 2024 at 19:43, Tom Rini <tr...@konsulko.com> wrote:
>
> On Wed, Sep 04, 2024 at 01:48:43PM +0100, Peter Robinson wrote:
> > Hi Simon,
> >
> > > I wonder if we could leave out the SHA stuff? The algorithms are
> >
> > One of the big advantages of the mbedtls when it comes to all things
> > security is that it's seen a wide audit of its code which for a lot
> > of usecases is very useful from a security PoV, I'm not sure the
> > amount of audit the U-Boot in project code has had, I'm sure there has
> > been but I've not seen anything published.
>
> Yes, it's a positive in my mind to bring in the assorted hashing
> algorithms from mbedTLS here.

Exactly. So apart from the known shaXXX there's other algorithms we can
pull directly -- e.g. SM2/3/4. In any case, I looked into mbedTLS. You can
override the default hashing algos with MBEDTLS_SHA256_ALT etc definitions
in the config entry but I don't see the point.

>
> > > stable and this would seem to avoid much of the size growth, and all
> > > the pain of trying to integrate another yet another hashing layer (we
> > > already have normal, progressive and h/w acceleration, plus
> >
> > What's the difference between the first two?
> >
> > > UCLASS_HASH which h/w acceleration should use but that migration never
> > [...]

Thanks
/Ilias