FIT: Rename FIT_DISABLE_SHA256 to FIT_ENABLE_SHA256_SUPPORT

We rename CONFIG_FIT_DISABLE_SHA256 to CONFIG_FIT_ENABLE_SHA256_SUPPORT which is enabled by default and now a positive option. Convert the handful of boards that were disabling it before to save space. Cc: Dirk Eibach <eibach@gdsys.de> Cc: Lukasz Dalek <luk0104@gmail.com> Signed-off-by: Tom Rini <trini@konsulko.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Simon Glass <sjg@chromium.org>
author: Tom Rini <trini@konsulko.com> 2017-05-15 12:17:48 -0400
committer: Tom Rini <trini@konsulko.com> 2017-05-22 07:29:55 -0400
commit: 0db7f6859fef41c1e95bcef75761054a01782d1b (patch)
tree: 8c9300e6b0000d2ef84908c73bd679ce21209edf /Kconfig
parent: 6b83c38d7a195f0e93cd6ff069a69105cb59a091 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/Kconfig b/Kconfig
index 1cf990dfce..0a445313f6 100644
--- a/Kconfig
+++ b/Kconfig
@@ -157,6 +157,19 @@ config FIT
 
 if FIT
 
+config FIT_ENABLE_SHA256_SUPPORT
+	bool "Support SHA256 checksum of FIT image contents"
+	default y
+	help
+	  Enable this to support SHA256 checksum of FIT image contents. A
+	  SHA256 checksum is a 256-bit (32-byte) hash value used to check that
+	  the image contents have not been corrupted. SHA256 is recommended
+	  for use in secure applications since (as at 2016) there is no known
+	  feasible attack that could produce a 'collision' with differing
+	  input data. Use this for the highest security. Note that only the
+	  SHA256 variant is supported: SHA512 and others are not currently
+	  supported in U-Boot.
+
 config FIT_SIGNATURE
 	bool "Enable signature verification of FIT uImages"
 	depends on DM
author	Tom Rini <trini@konsulko.com>	2017-05-15 12:17:48 -0400
committer	Tom Rini <trini@konsulko.com>	2017-05-22 07:29:55 -0400
commit	0db7f6859fef41c1e95bcef75761054a01782d1b (patch)
tree	8c9300e6b0000d2ef84908c73bd679ce21209edf /Kconfig
parent	6b83c38d7a195f0e93cd6ff069a69105cb59a091 (diff)