From: Rasmus Villemoes <ravi@prevas.dk>
To: Simon Glass <sjg@chromium.org>
Cc: u-boot@lists.denx.de, Tom Rini <trini@konsulko.com>
Subject: Re: [PATCH] mkimage: do a rough estimate for the size needed for hashes/signatures
Date: Mon, 19 May 2025 12:27:54 +0200 [thread overview]
Message-ID: <878qms51zp.fsf@prevas.dk> (raw)
In-Reply-To: <CAFLszTjHnxzTxGUVOkTBo6CxoZc3DxO4q8=R8_Y847g_WHWM1w@mail.gmail.com> (Simon Glass's message of "Fri, 16 May 2025 17:39:57 +0200")
On Fri, May 16 2025, Simon Glass <sjg@chromium.org> wrote:
> Hi Rasmus,
>
> On Fri, 16 May 2025 at 14:54, Rasmus Villemoes <ravi@prevas.dk> wrote:
>>
>>
>> While not perfect, we can give a reasonable estimate of an upper bound
>> on the necessary extra size by simply counting the number of hash and
>> signature nodes in the FIT image.
>>
>> As indicated in the comments, one could probably make it even more
>> precise, and if there would ever be signatures larger than 512 bytes,
>> probably one would have to do that. But this works well enough in
>> practice for now, and is in fact an improvement in the normal case:
>> Currently, starting with size_inc of 0 is guaranteed to fail, so we
>> always enter the loop at least twice, even when not doing any signing
>> but merely filling hash values.
>>
>
> I have no particular objection here if you really want to go this way,
> but it seems to me that it would be better to have a way to determine
> the size of signatures using a new (or existing?) API call. Then you
> can make this deterministic and always correct.
Well, I'm not saying I won't revisit this at some point in the future
and improve on the heuristics.
However, as indicated, it's not just a matter of knowing the exact size
of the signature data; one also has to account for the space used by the
"hashed-nodes" property, which of course depends on the number of
elements in the sign-images property, but also on the number of hash-*
nodes in those "pointed-to" images. So it ends up being quite a lot of
code to get it more exact.
So yes, for now I would like to go this way, because it's a fix that
works for my use case now and is easy to reason about, and should also
be an improvement outside my use case in that it avoids at least one
iteration, but possibly many.
Rasmus
next prev parent reply other threads:[~2025-05-19 10:28 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-16 12:54 [PATCH] mkimage: do a rough estimate for the size needed for hashes/signatures Rasmus Villemoes
2025-05-16 15:39 ` Simon Glass
2025-05-19 10:27 ` Rasmus Villemoes [this message]
2025-05-23 20:20 ` Simon Glass
2025-06-04 14:25 ` Tom Rini
2025-06-04 20:19 ` Rasmus Villemoes
2025-06-04 23:08 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878qms51zp.fsf@prevas.dk \
--to=ravi@prevas.dk \
--cc=sjg@chromium.org \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox