From 0db7f6859fef41c1e95bcef75761054a01782d1b Mon Sep 17 00:00:00 2001
From: Tom Rini <trini@konsulko.com>
Date: Mon, 15 May 2017 12:17:48 -0400
Subject: FIT: Rename FIT_DISABLE_SHA256 to FIT_ENABLE_SHA256_SUPPORT

We rename CONFIG_FIT_DISABLE_SHA256 to CONFIG_FIT_ENABLE_SHA256_SUPPORT which
is enabled by default and now a positive option.  Convert the handful of boards
that were disabling it before to save space.

Cc: Dirk Eibach <eibach@gdsys.de>
Cc: Lukasz Dalek <luk0104@gmail.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 Kconfig | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'Kconfig')

diff --git a/Kconfig b/Kconfig
index 1cf990dfce3..0a445313f62 100644
--- a/Kconfig
+++ b/Kconfig
@@ -157,6 +157,19 @@ config FIT
 
 if FIT
 
+config FIT_ENABLE_SHA256_SUPPORT
+	bool "Support SHA256 checksum of FIT image contents"
+	default y
+	help
+	  Enable this to support SHA256 checksum of FIT image contents. A
+	  SHA256 checksum is a 256-bit (32-byte) hash value used to check that
+	  the image contents have not been corrupted. SHA256 is recommended
+	  for use in secure applications since (as at 2016) there is no known
+	  feasible attack that could produce a 'collision' with differing
+	  input data. Use this for the highest security. Note that only the
+	  SHA256 variant is supported: SHA512 and others are not currently
+	  supported in U-Boot.
+
 config FIT_SIGNATURE
 	bool "Enable signature verification of FIT uImages"
 	depends on DM
-- 
cgit v1.2.3