Re: [PATCH v5 00/16] hw/misc/aspeed_hace: Fix SG Accumulative Hash Calculations

["Daniel P. Berrangé" <berrange@redhat.com>]

On Tue, Oct 08, 2024 at 09:57:07AM +0200, Cédric Le Goater wrote:
> Hello,
> 
> This is a resping of Alejandro's series fixing SG Accumulative Hash
> Calculations. See [1] for more details. 
> 
> The goal of this patch series is to fix accumulative hashing support
> in the Aspeed HACE module. The issue that stemmed this patch was a
> failure to boot an OpenBMC image using the "ast2600-evb" machine. The
> U-boot 2019.04 loader failed to verify image hashes.
> 
> These incorrect image hashes given by the HACE to the U-boot guest are
> due to an oversight in the HACE module. Previously when operating in
> scatter-gather accumulative mode, the HACE would cache the address
> provided by the guest which contained the source data. However, there
> was no deep copy, so when HACE generated the digest upon the reception
> of the final accumulative chunk the digest was incorrect, as the
> addresses provided had their regions overwritten by that time.
> 
> This fix consists of two main steps:
> * Add an accumulative hashing function to the qcrypto library
> * Modify the HACE module to use the accumulative hashing functions
> 
> All the crypto library backends (nettle, gnutls, etc.) support
> accumulative hashing, so it was trivial to create wrappers for those
> functions.

I'll queue all except patch 16, and send a PULL request
for it, and let you handle the last patch.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|