Merge tag 'v2021.10-rc4' into next

Prepare v2021.10-rc4

Signed-off-by: Tom Rini <trini@konsulko.com>

# gpg: Signature made Tue 14 Sep 2021 06:58:32 PM EDT
# gpg:                using RSA key 1A3C7F70E08FAB1707809BBF147C39FF9634B72C
# gpg: Good signature from "Thomas Rini <trini@konsulko.com>" [ultimate]

# Conflicts:
#	board/Arcturus/ucp1020/spl.c
#	cmd/mvebu/Kconfig
#	common/Kconfig.boot
#	common/image-fit.c
#	configs/UCP1020_defconfig
#	configs/sifive_unmatched_defconfig
#	drivers/pci/Kconfig
#	include/configs/UCP1020.h
#	include/configs/sifive-unmatched.h
#	lib/Makefile
#	scripts/config_whitelist.txt

8 files changed, 37 insertions, 140 deletions

diff --git a/common/Kconfig b/common/Kconfig
index 5c1151bf544..0543b839d18 100644
--- a/common/Kconfig
+++ b/common/Kconfig
@@ -557,7 +557,6 @@ config ID_EEPROM
 config PCI_INIT_R
 	bool "Enumerate PCI buses during init"
 	depends on PCI
-	default y if !DM_PCI
 	help
 	  With this option U-Boot will call pci_init() soon after relocation,
 	  which will enumerate PCI buses. This is needed, for instance, in the
diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index e2780bdd8eb..f23b9988521 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -11,8 +11,10 @@ config ANDROID_BOOT_IMAGE
 
 config FIT
 	bool "Support Flattened Image Tree"
+	select HASH
 	select MD5
 	select SHA1
+	imply SHA256
 	help
 	  This option allows you to boot the new uImage structure,
 	  Flattened Image Tree.  FIT is formally a FDT, which can include
@@ -35,32 +37,6 @@ config FIT_EXTERNAL_OFFSET
 	  could be put in the hole between data payload and fit image
 	  header, such as CSF data on i.MX platform.
 
-config FIT_SHA256
-	bool "Support SHA256 checksum of FIT image contents"
-	default y
-	select SHA256
-	help
-	  Enable this to support SHA256 checksum of FIT image contents. A
-	  SHA256 checksum is a 256-bit (32-byte) hash value used to check that
-	  the image contents have not been corrupted.
-
-config FIT_SHA384
-	bool "Support SHA384 checksum of FIT image contents"
-	select SHA384
-	help
-	  Enable this to support SHA384 checksum of FIT image contents. A
-	  SHA384 checksum is a 384-bit (48-byte) hash value used to check that
-	  the image contents have not been corrupted. Use this for the highest
-	  security.
-
-config FIT_SHA512
-	bool "Support SHA512 checksum of FIT image contents"
-	select SHA512
-	help
-	  Enable this to support SHA512 checksum of FIT image contents. A
-	  SHA512 checksum is a 512-bit (64-byte) hash value used to check that
-	  the image contents have not been corrupted.
-
 config FIT_FULL_CHECK
 	bool "Do a full check of the FIT before using it"
 	default y
@@ -158,6 +134,7 @@ if SPL
 config SPL_FIT
 	bool "Support Flattened Image Tree within SPL"
 	depends on SPL
+	select SPL_HASH
 	select SPL_OF_LIBFDT
 
 config SPL_FIT_PRINT
@@ -182,7 +159,7 @@ config SPL_FIT_SIGNATURE
 	select FIT_SIGNATURE
 	select SPL_FIT
 	select SPL_CRYPTO
-	select SPL_HASH_SUPPORT
+	select SPL_HASH
 	imply SPL_RSA
 	imply SPL_RSA_VERIFY
 	select SPL_IMAGE_SIGN_INFO
diff --git a/common/Makefile b/common/Makefile
index f7852607a55..fb8173a5b82 100644
--- a/common/Makefile
+++ b/common/Makefile
@@ -8,7 +8,6 @@ ifndef CONFIG_SPL_BUILD
 obj-y += init/
 obj-y += main.o
 obj-y += exports.o
-obj-$(CONFIG_HASH) += hash.o
 obj-$(CONFIG_HUSH_PARSER) += cli_hush.o
 obj-$(CONFIG_AUTOBOOT) += autoboot.o
 
@@ -66,8 +65,6 @@ ifdef CONFIG_SPL_BUILD
 ifdef CONFIG_SPL_DFU
 obj-$(CONFIG_DFU_OVER_USB) += dfu.o
 endif
-obj-$(CONFIG_SPL_HASH_SUPPORT) += hash.o
-obj-$(CONFIG_TPL_HASH_SUPPORT) += hash.o
 obj-$(CONFIG_SPL_LOAD_FIT) += common_fit.o
 obj-$(CONFIG_SPL_NET) += miiphyutil.o
 obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += fdt_support.o
@@ -105,6 +102,7 @@ endif
 endif
 
 obj-y += image.o
+obj-$(CONFIG_$(SPL_TPL_)HASH) += hash.o
 obj-$(CONFIG_ANDROID_AB) += android_ab.o
 obj-$(CONFIG_ANDROID_BOOT_IMAGE) += image-android.o image-android-dt.o
 obj-$(CONFIG_$(SPL_TPL_)OF_LIBFDT) += image-fdt.o
diff --git a/common/board_r.c b/common/board_r.c
index 802a4c65d1f..0cbe5f7f3d7 100644
--- a/common/board_r.c
+++ b/common/board_r.c
@@ -114,7 +114,7 @@ static int initr_reloc(void)
 	return 0;
 }
 
-#ifdef CONFIG_ARM
+#if defined(CONFIG_ARM) || defined(CONFIG_RISCV)
 /*
  * Some of these functions are needed purely because the functions they
  * call return void. If we change them to return 0, these stubs can go away.
@@ -607,7 +607,7 @@ static init_fnc_t init_sequence_r[] = {
 	initr_trace,
 	initr_reloc,
 	/* TODO: could x86/PPC have this also perhaps? */
-#ifdef CONFIG_ARM
+#if defined(CONFIG_ARM) || defined(CONFIG_RISCV)
 	initr_caches,
 	/* Note: For Freescale LS2 SoCs, new MMU table is created in DDR.
 	 *	 A temporary mapping of IFC high region is since removed,
diff --git a/common/hash.c b/common/hash.c
index dca23635abe..6277fe65b3e 100644
--- a/common/hash.c
+++ b/common/hash.c
@@ -207,12 +207,25 @@ static int hash_finish_crc32(struct hash_algo *algo, void *ctx, void *dest_buf,
 	return 0;
 }
 
+#ifdef USE_HOSTCC
+# define I_WANT_MD5	1
+#else
+# define I_WANT_MD5	CONFIG_IS_ENABLED(MD5)
+#endif
 /*
  * These are the hash algorithms we support.  If we have hardware acceleration
  * is enable we will use that, otherwise a software version of the algorithm.
  * Note that algorithm names must be in lower case.
  */
 static struct hash_algo hash_algo[] = {
+#if I_WANT_MD5
+	{
+		.name		= "md5",
+		.digest_size	= MD5_SUM_LEN,
+		.chunk_size	= CHUNKSZ_MD5,
+		.hash_func_ws	= md5_wd,
+	},
+#endif
 #ifdef CONFIG_SHA1
 	{
 		.name 		= "sha1",
diff --git a/common/image-fit.c b/common/image-fit.c
index aa9c7814620..5a0a0cc2007 100644
--- a/common/image-fit.c
+++ b/common/image-fit.c
@@ -1215,7 +1215,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp)
  *     0, on success
  *    -1, when algo is unsupported
  */
-int calculate_hash(const void *data, int data_len, const char *algo,
+int calculate_hash(const void *data, int data_len, const char *name,
 			uint8_t *value, int *value_len)
 {
 #if !defined(USE_HOSTCC) && defined(CONFIG_DM_HASH)
@@ -1243,35 +1243,19 @@ int calculate_hash(const void *data, int data_len, const char *algo,
 
 	*value_len = hash_algo_digest_size(hash_algo);
 #else
-	if (IMAGE_ENABLE_CRC32 && strcmp(algo, "crc32") == 0) {
-		*((uint32_t *)value) = crc32_wd(0, data, data_len,
-							CHUNKSZ_CRC32);
-		*((uint32_t *)value) = cpu_to_uimage(*((uint32_t *)value));
-		*value_len = 4;
-	} else if (CONFIG_IS_ENABLED(SHA1) && strcmp(algo, "sha1") == 0) {
-		sha1_csum_wd((unsigned char *)data, data_len,
-			     (unsigned char *)value, CHUNKSZ_SHA1);
-		*value_len = 20;
-	} else if (CONFIG_IS_ENABLED(SHA256) && strcmp(algo, "sha256") == 0) {
-		sha256_csum_wd((unsigned char *)data, data_len,
-			       (unsigned char *)value, CHUNKSZ_SHA256);
-		*value_len = SHA256_SUM_LEN;
-	} else if (CONFIG_IS_ENABLED(SHA384) && strcmp(algo, "sha384") == 0) {
-		sha384_csum_wd((unsigned char *)data, data_len,
-			       (unsigned char *)value, CHUNKSZ_SHA384);
-		*value_len = SHA384_SUM_LEN;
-	} else if (CONFIG_IS_ENABLED(SHA512) && strcmp(algo, "sha512") == 0) {
-		sha512_csum_wd((unsigned char *)data, data_len,
-			       (unsigned char *)value, CHUNKSZ_SHA512);
-		*value_len = SHA512_SUM_LEN;
-	} else if (IMAGE_ENABLE_MD5 && strcmp(algo, "md5") == 0) {
-		md5_wd((unsigned char *)data, data_len, value, CHUNKSZ_MD5);
-		*value_len = 16;
-	} else {
+	struct hash_algo *algo;
+	int ret;
+
+	ret = hash_lookup_algo(name, &algo);
+	if (ret < 0) {
 		debug("Unsupported hash alogrithm\n");
 		return -1;
 	}
+
+	algo->hash_func_ws(data, data_len, value, algo->chunk_size);
+	*value_len = algo->digest_size;
 #endif
+
 	return 0;
 }
 
diff --git a/common/image-sig.c b/common/image-sig.c
index fb0035524e0..fa9407bb300 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -51,19 +51,6 @@ struct checksum_algo checksum_algos[] = {
 
 };
 
-struct padding_algo padding_algos[] = {
-	{
-		.name = "pkcs-1.5",
-		.verify = padding_pkcs_15_verify,
-	},
-#ifdef CONFIG_FIT_RSASSA_PSS
-	{
-		.name = "pss",
-		.verify = padding_pss_verify,
-	}
-#endif /* CONFIG_FIT_RSASSA_PSS */
-};
-
 struct checksum_algo *image_get_checksum_algo(const char *full_name)
 {
 	int i;
@@ -129,14 +116,16 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name)
 
 struct padding_algo *image_get_padding_algo(const char *name)
 {
-	int i;
+	struct padding_algo *padding, *end;
 
 	if (!name)
 		return NULL;
 
-	for (i = 0; i < ARRAY_SIZE(padding_algos); i++) {
-		if (!strcmp(padding_algos[i].name, name))
-			return &padding_algos[i];
+	padding = ll_entry_start(struct padding_algo, paddings);
+	end = ll_entry_end(struct padding_algo, paddings);
+	for (; padding < end; padding++) {
+		if (!strcmp(padding->name, name))
+			return padding;
 	}
 
 	return NULL;
diff --git a/common/spl/Kconfig b/common/spl/Kconfig
index 34e8a12036b..34f6fc2cfad 100644
--- a/common/spl/Kconfig
+++ b/common/spl/Kconfig
@@ -439,48 +439,6 @@ config SPL_MD5
 	  applications where images may be changed maliciously, you should
 	  consider SHA256 or SHA384.
 
-config SPL_FIT_SHA1
-	bool "Support SHA1"
-	depends on SPL_FIT
-	select SHA1
-	help
-	  Enable this to support SHA1 in FIT images within SPL. A SHA1
-	  checksum is a 160-bit (20-byte) hash value used to check that the
-	  image contents have not been corrupted or maliciously altered.
-	  While SHA1 is fairly secure it is coming to the end of its life
-	  due to the expanding computing power available to brute-force
-	  attacks. For more security, consider SHA256 or SHA384.
-
-config SPL_FIT_SHA256
-	bool "Support SHA256"
-	depends on SPL_FIT
-	select SHA256
-	help
-	  Enable this to support SHA256 in FIT images within SPL. A SHA256
-	  checksum is a 256-bit (32-byte) hash value used to check that the
-	  image contents have not been corrupted.
-
-config SPL_FIT_SHA384
-	bool "Support SHA384"
-	depends on SPL_FIT
-	select SHA384
-	select SHA512_ALGO
-	help
-	  Enable this to support SHA384 in FIT images within SPL. A SHA384
-	  checksum is a 384-bit (48-byte) hash value used to check that the
-	  image contents have not been corrupted. Use this for the highest
-	  security.
-
-config SPL_FIT_SHA512
-	bool "Support SHA512"
-	depends on SPL_FIT
-	select SHA512
-	select SHA512_ALGO
-	help
-	  Enable this to support SHA512 in FIT images within SPL. A SHA512
-	  checksum is a 512-bit (64-byte) hash value used to check that the
-	  image contents have not been corrupted.
-
 config SPL_FIT_IMAGE_TINY
 	bool "Remove functionality from SPL FIT loading to reduce size"
 	depends on SPL_FIT
@@ -519,27 +477,6 @@ config SPL_CRYPTO
 	  this option to build the drivers in drivers/crypto as part of an
 	  SPL build.
 
-config SPL_HASH_SUPPORT
-	bool "Support hashing drivers"
-	select SHA1
-	select SHA256
-	help
-	  Enable hashing drivers in SPL. These drivers can be used to
-	  accelerate secure boot processing in secure applications. Enable
-	  this option to build system-specific drivers for hash acceleration
-	  as part of an SPL build.
-
-config TPL_HASH_SUPPORT
-	bool "Support hashing drivers in TPL"
-	depends on TPL
-	select SHA1
-	select SHA256
-	help
-	  Enable hashing drivers in SPL. These drivers can be used to
-	  accelerate secure boot processing in secure applications. Enable
-	  this option to build system-specific drivers for hash acceleration
-	  as part of an SPL build.
-
 config SPL_DMA
 	bool "Support DMA drivers"
 	help
@@ -1228,7 +1165,7 @@ config SPL_USB_ETHER
 
 config SPL_DFU
 	bool "Support DFU (Device Firmware Upgrade)"
-	select SPL_HASH_SUPPORT
+	select SPL_HASH
 	select SPL_DFU_NO_RESET
 	depends on SPL_RAM_SUPPORT
 	help