Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 171404778ef3d875e388245ef25fab88a306dbff^! / . / common / spl / Kconfig
commit171404778ef3d875e388245ef25fab88a306dbff[log] [tgz]
authorSimon Goldschmidt <simon.k.r.goldschmidt@gmail.com>Sun Feb 10 21:34:37 2019 +0100
committerTom Rini <trini@konsulko.com>Tue Feb 19 08:55:43 2019 -0500
treecce328236d6aca49467c14efe6d8e7e06849d5dd
parent7dab692d5fa0da981db674e39e4acb278c87a3a5 [diff] [blame]
spl: implement CRC check on U-Boot uImage

SPL currently does not check uImage CRCs when loading U-Boot.

This patch adds checking the uImage CRC when SPL loads U-Boot. It does
this by reusing the existing config option SPL_CRC32_SUPPORT to allow
leaving out the CRC check on boards where the additional code size or
boot time is a problem (adding the CRC check currently adds ~1.4 kByte
to flash).

The SPL_CRC32_SUPPORT config option now gets enabled by default if SPL
support for legacy images is enabled to check the CRC on all boards
that don't actively take countermeasures.

Signed-off-by: Simon Goldschmidt <simon.k.r.goldschmidt@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 85edd5a..206c240 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig

@@ -100,6 +100,16 @@
 	  is y. If this is not set, SPL will move on to other available
 	  boot media to find a suitable image.
 
+config SPL_LEGACY_IMAGE_CRC_CHECK
+	bool "Check CRC of Legacy images"
+	depends on SPL_LEGACY_IMAGE_SUPPORT
+	select SPL_CRC32_SUPPORT
+	help
+	  Enable this to check the CRC of Legacy images. While this increases
+	  reliability, it affects both code size and boot duration.
+	  If disabled, Legacy images are booted if the image magic and size
+	  are correct, without further integrity checks.
+
 config SPL_SYS_MALLOC_SIMPLE
 	bool
 	prompt "Only use malloc_simple functions in the SPL"
@@ -236,13 +246,13 @@
 
 config SPL_CRC32_SUPPORT
 	bool "Support CRC32"
-	depends on SPL_FIT
+	default y if SPL_LEGACY_IMAGE_SUPPORT
 	help
-	  Enable this to support CRC32 in FIT images within SPL. This is a
-	  32-bit checksum value that can be used to verify images. This is
-	  the least secure type of checksum, suitable for detected
-	  accidental image corruption. For secure applications you should
-	  consider SHA1 or SHA256.
+	  Enable this to support CRC32 in uImages or FIT images within SPL.
+	  This is a 32-bit checksum value that can be used to verify images.
+	  For FIT images, this is the least secure type of checksum, suitable
+	  for detected accidental image corruption. For secure applications you
+	  should consider SHA1 or SHA256.
 
 config SPL_MD5_SUPPORT
 	bool "Support MD5"