mail archive of the barebox mailing list
 help / color / mirror / Atom feed
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Lucas Stach <l.stach@pengutronix.de>,
	Sascha Hauer <s.hauer@pengutronix.de>,
	BAREBOX <barebox@lists.infradead.org>
Subject: Re: [PATCH 1/2] PBL: add pbl_sha256()
Date: Fri, 10 Jul 2026 19:53:50 +0200	[thread overview]
Message-ID: <6c5a0521-7374-40d9-9bd4-1bddd123efdb@pengutronix.de> (raw)
In-Reply-To: <7ed858acc36fa7e9ae970f98d5a96e712e01b44c.camel@pengutronix.de>

On 7/10/26 19:01, Lucas Stach wrote:
> Am Donnerstag, dem 09.07.2026 um 13:14 +0200 schrieb Sascha Hauer:
>> The PBL open-codes SHA-256 as sha256_init()/sha256_update()/sha256_final()
>> wherever it needs to hash a blob, which always uses the generic C transform.
>> Add pbl_sha256(), a one-shot helper that hides this behind a single call and
>> is free to pick the best transform available in the PBL. For now it only
>> wraps the generic C implementation; an accelerated path is added on top in a
>> later commit.
>>
>> Convert pbl_barebox_verify() in pbl/decomp.c to the new helper as the first
>> user.
>>
>> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
>> ---
>>  include/crypto/pbl-sha.h |  4 ++++
>>  pbl/Makefile             |  1 +
>>  pbl/decomp.c             |  6 +-----
>>  pbl/sha256.c             | 25 +++++++++++++++++++++++++
>>  4 files changed, 31 insertions(+), 5 deletions(-)
>>
>> diff --git a/include/crypto/pbl-sha.h b/include/crypto/pbl-sha.h
>> index 7d323ab479..2508448ab4 100644
>> --- a/include/crypto/pbl-sha.h
>> +++ b/include/crypto/pbl-sha.h
>> @@ -3,6 +3,7 @@
>>  
>>  #define __PBL_SHA_H_
>>  
>> +#include <crypto/sha.h>
>>  #include <digest.h>
>>  #include <types.h>
>>  
>> @@ -10,4 +11,7 @@ int sha256_init(struct digest *desc);
>>  int sha256_update(struct digest *desc, const void *data, unsigned long len);
>>  int sha256_final(struct digest *desc, u8 *out);
>>  
>> +/* One-shot SHA-256 that picks the best transform available in the PBL. */
>> +void pbl_sha256(const void *buf, size_t len, u8 out[SHA256_DIGEST_SIZE]);
>> +
>>  #endif /* __PBL-SHA_H_ */
>> diff --git a/pbl/Makefile b/pbl/Makefile
>> index 45cfbf5fba..4506f192fe 100644
>> --- a/pbl/Makefile
>> +++ b/pbl/Makefile
>> @@ -6,6 +6,7 @@
>>  pbl-y += misc.o
>>  pbl-y += string.o
>>  pbl-y += malloc.o
>> +pbl-y += sha256.o
>>  pbl-$(CONFIG_HAVE_IMAGE_COMPRESSION) += decomp.o
>>  pbl-$(CONFIG_LIBFDT) += fdt.o
>>  pbl-$(CONFIG_PBL_CONSOLE) += console.o
>> diff --git a/pbl/decomp.c b/pbl/decomp.c
>> index 1539a6b67e..2b3c35012f 100644
>> --- a/pbl/decomp.c
>> +++ b/pbl/decomp.c
>> @@ -58,8 +58,6 @@ extern unsigned char sha_sum_end[];
>>  int pbl_barebox_verify(const void *compressed_start, unsigned int len,
>>  		       const void *hash, unsigned int hash_len)
>>  {
>> -	struct sha256_state sha_state = { 0 };
>> -	struct digest d = { .ctx = &sha_state };
>>  	char computed_hash[SHA256_DIGEST_SIZE];
>>  	int i;
>>  	const char *char_hash = hash;
>> @@ -67,9 +65,7 @@ int pbl_barebox_verify(const void *compressed_start, unsigned int len,
>>  	if (hash_len != SHA256_DIGEST_SIZE)
>>  		return -1;
>>  
>> -	sha256_init(&d);
>> -	sha256_update(&d, compressed_start, len);
>> -	sha256_final(&d, computed_hash);
>> +	pbl_sha256(compressed_start, len, computed_hash);
>>  	if (IS_ENABLED(CONFIG_DEBUG_LL)) {
>>  		puts_ll("CH ");
>>  
>> diff --git a/pbl/sha256.c b/pbl/sha256.c
>> new file mode 100644
>> index 0000000000..86e54f8a25
>> --- /dev/null
>> +++ b/pbl/sha256.c
>> @@ -0,0 +1,25 @@
>> +// SPDX-License-Identifier: GPL-2.0-only
>> +/*
>> + * pbl_sha256() - one-shot SHA-256 for the PBL, picking the best available
>> + * transform (ARMv8 Crypto Extensions if present, else generic C).
> 
> This file isn't ARMv8 specific, so I don't really see why the comment
> would reference a specific implementation.
> 
>> + */
>> +
>> +#include <common.h>
>> +#include <crypto/sha.h>
>> +#include <crypto/pbl-sha.h>
>> +#include <digest.h>
>> +
>> +static void pbl_sha256_generic(const void *buf, size_t len, u8 *out)
>> +{
>> +	struct sha256_state state = { };
>> +	struct digest d = { .ctx = &state, .length = SHA256_DIGEST_SIZE };
>> +
>> +	sha256_init(&d);
>> +	sha256_update(&d, buf, len);
>> +	sha256_final(&d, out);
>> +}
>> +
>> +void pbl_sha256(const void *buf, size_t len, u8 out[SHA256_DIGEST_SIZE])
> 
> That's a weird way to write "u8 *out"...

Not weird enough: If we make it

u8 out[static SHA256_DIGEST_SIZE])

Compiler can emit some useful warnings if it deduces buffer isn't big enough.

Cheers,
Ahmad

> 
>> +{
>> +	pbl_sha256_generic(buf, len, out);
>> +}
> 
> 


-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



  reply	other threads:[~2026-07-10 17:55 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-09 11:14 [PATCH 0/2] PBL: add support for optimized sha256 Sascha Hauer
2026-07-09 11:14 ` [PATCH 1/2] PBL: add pbl_sha256() Sascha Hauer
2026-07-10 17:01   ` Lucas Stach
2026-07-10 17:53     ` Ahmad Fatoum [this message]
2026-07-09 11:14 ` [PATCH 2/2] ARM: pbl: add PBL support for crypto extensions Sascha Hauer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6c5a0521-7374-40d9-9bd4-1bddd123efdb@pengutronix.de \
    --to=a.fatoum@pengutronix.de \
    --cc=barebox@lists.infradead.org \
    --cc=l.stach@pengutronix.de \
    --cc=s.hauer@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox