Am Dienstag, den 06.08.2019, 07:11 +0200 schrieb Rouven Czerwinski: > Extract the necessary functions from sha256 into a PBL headder and add a > verification function to the PBL. The function will be called before the > individual architectures decompress functions is run. > > > Signed-off-by: Rouven Czerwinski <r.czerwinski@xxxxxxxxxxxxxx> > --- > crypto/Makefile | 2 ++ > crypto/sha2.c | 11 +++++++---- > include/crypto/pbl-sha.h | 13 +++++++++++++ > include/pbl.h | 2 ++ > pbl/Kconfig | 9 +++++++++ > pbl/decomp.c | 39 +++++++++++++++++++++++++++++++++++++++ > 6 files changed, 72 insertions(+), 4 deletions(-) > create mode 100644 include/crypto/pbl-sha.h [...] > +config PBL_VERIFY_PIGGY > > + depends on ARM > > + bool > > + help > > + Use a PBL builtin sha256sum to verify the piggydata before decompression. > > + WARNING: your board will not boot if a mismatch is detected, enable DEBUG_LL > > + to see the builtin and calculated hash. > > + This effectively locks a given PBL to the matching main barebox. Having a help text for an invisible option doesn't make too much sense. Regards, Lucas _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
