Skip to content

Commit bc6c610

Browse files
committed
bootutil: Enable hash calculation directly on storage
The commit add support for passing storage device address space to hash calculation functions, which allows to use hardware accelerated hash calculation on storage. This feature only works when image encryption is not enabled and all slots are defined within internal storage of device. The feature is enabled using Kconfig option CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE Signed-off-by: Dominik Ermel <[email protected]>
1 parent d22c548 commit bc6c610

File tree

3 files changed

+35
-3
lines changed

3 files changed

+35
-3
lines changed

boot/bootutil/src/image_validate.c

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -68,13 +68,15 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index,
6868
uint8_t *seed, int seed_len)
6969
{
7070
bootutil_sha_context sha_ctx;
71-
uint32_t blk_sz;
7271
uint32_t size;
7372
uint16_t hdr_size;
74-
uint32_t off;
75-
int rc;
7673
uint32_t blk_off;
7774
uint32_t tlv_off;
75+
#if !defined(MCUBOOT_HASH_STORAGE_DIRECTLY)
76+
int rc;
77+
uint32_t off;
78+
uint32_t blk_sz;
79+
#endif
7880

7981
#if (BOOT_IMAGE_NUMBER == 1) || !defined(MCUBOOT_ENC_IMAGES) || \
8082
defined(MCUBOOT_RAM_LOAD)
@@ -117,6 +119,12 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index,
117119
/* If protected TLVs are present they are also hashed. */
118120
size += hdr->ih_protect_tlv_size;
119121

122+
#ifdef MCUBOOT_HASH_STORAGE_DIRECTLY
123+
/* No chunk loading, storage is mapped to address space and can
124+
* be directly given to hashing function.
125+
*/
126+
bootutil_sha_update(&sha_ctx, (void *)flash_area_get_off(fap), size);
127+
#else /* MCUBOOT_HASH_STORAGE_DIRECTLY */
120128
#ifdef MCUBOOT_RAM_LOAD
121129
bootutil_sha_update(&sha_ctx,
122130
(void*)(IMAGE_RAM_BASE + hdr->ih_load_addr),
@@ -161,6 +169,7 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index,
161169
bootutil_sha_update(&sha_ctx, tmp_buf, blk_sz);
162170
}
163171
#endif /* MCUBOOT_RAM_LOAD */
172+
#endif /* MCUBOOT_HASH_STORAGE_DIRECTLY */
164173
bootutil_sha_finish(&sha_ctx, hash_result);
165174
bootutil_sha_drop(&sha_ctx);
166175

boot/zephyr/Kconfig

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,22 @@ config BOOT_IMG_HASH_ALG_SHA512_ALLOW
8989
help
9090
Hidden option set by configurations that allow SHA512
9191

92+
config BOOT_IMG_HASH_DIRECTLY_ON_STORAGE
93+
bool "Hash calculation functions access storage through address space"
94+
depends on !BOOT_ENCRYPT_IMAGE
95+
help
96+
When possible to map storage device, at least for read operations,
97+
to address space or RAM area, enabling this option allows hash
98+
calculation functions to directly access the storage through that address
99+
space or using its own DMA. This reduces flash read overhead done
100+
by the MCUboot.
101+
Notes:
102+
- not supported when encrypted images are in use, because calculating
103+
SHA requires image to be decrypted first, which is done to RAM.
104+
- currently only supported on internal storage of devices; this
105+
option will not work with devices that use external storage for
106+
either of image slots.
107+
92108
choice BOOT_IMG_HASH_ALG
93109
prompt "Selected image hash algorithm"
94110
default BOOT_IMG_HASH_ALG_SHA256 if BOOT_IMG_HASH_ALG_SHA256_ALLOW

boot/zephyr/include/mcuboot_config/mcuboot_config.h

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -141,6 +141,13 @@
141141
#define MCUBOOT_DECOMPRESS_IMAGES
142142
#endif
143143

144+
/* Invoke hashing functions directly on storage. This requires for device
145+
* to be able to map storage to address space or RAM.
146+
*/
147+
#ifdef CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE
148+
#define MCUBOOT_HASH_STORAGE_DIRECTLY
149+
#endif
150+
144151
#ifdef CONFIG_BOOT_BOOTSTRAP
145152
#define MCUBOOT_BOOTSTRAP 1
146153
#endif

0 commit comments

Comments
 (0)