diff options
| author | Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com> | 2019-02-10 21:34:37 +0100 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2019-02-19 08:55:43 -0500 |
| commit | dae5c2dcdc2bc826a4ee0a58b08fd004b6259373 (patch) | |
| tree | cce328236d6aca49467c14efe6d8e7e06849d5dd /common/spl/Kconfig | |
| parent | 8502fe84a4fc1eb5610b1dbb102ff11b02aee25f (diff) | |
| download | u-boot-dae5c2dcdc2bc826a4ee0a58b08fd004b6259373.tar.gz | |
spl: implement CRC check on U-Boot uImage
SPL currently does not check uImage CRCs when loading U-Boot.
This patch adds checking the uImage CRC when SPL loads U-Boot. It does
this by reusing the existing config option SPL_CRC32_SUPPORT to allow
leaving out the CRC check on boards where the additional code size or
boot time is a problem (adding the CRC check currently adds ~1.4 kByte
to flash).
The SPL_CRC32_SUPPORT config option now gets enabled by default if SPL
support for legacy images is enabled to check the CRC on all boards
that don't actively take countermeasures.
Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'common/spl/Kconfig')
| -rw-r--r-- | common/spl/Kconfig | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/common/spl/Kconfig b/common/spl/Kconfig index 85edd5a61f8..206c24076da 100644 --- a/common/spl/Kconfig +++ b/common/spl/Kconfig @@ -100,6 +100,16 @@ config SPL_LEGACY_IMAGE_SUPPORT is y. If this is not set, SPL will move on to other available boot media to find a suitable image. +config SPL_LEGACY_IMAGE_CRC_CHECK + bool "Check CRC of Legacy images" + depends on SPL_LEGACY_IMAGE_SUPPORT + select SPL_CRC32_SUPPORT + help + Enable this to check the CRC of Legacy images. While this increases + reliability, it affects both code size and boot duration. + If disabled, Legacy images are booted if the image magic and size + are correct, without further integrity checks. + config SPL_SYS_MALLOC_SIMPLE bool prompt "Only use malloc_simple functions in the SPL" @@ -236,13 +246,13 @@ config SYS_MMCSD_RAW_MODE_U_BOOT_PARTITION_TYPE config SPL_CRC32_SUPPORT bool "Support CRC32" - depends on SPL_FIT + default y if SPL_LEGACY_IMAGE_SUPPORT help - Enable this to support CRC32 in FIT images within SPL. This is a - 32-bit checksum value that can be used to verify images. This is - the least secure type of checksum, suitable for detected - accidental image corruption. For secure applications you should - consider SHA1 or SHA256. + Enable this to support CRC32 in uImages or FIT images within SPL. + This is a 32-bit checksum value that can be used to verify images. + For FIT images, this is the least secure type of checksum, suitable + for detected accidental image corruption. For secure applications you + should consider SHA1 or SHA256. config SPL_MD5_SUPPORT bool "Support MD5" |