From 20c3dab71b735a8d5182e5c4c17b69d840d56f79 Mon Sep 17 00:00:00 2001
From: Dominik Ermel <dominik.ermel@nordicsemi.no>
Date: Thu, 5 Sep 2024 10:53:17 +0000
Subject: [PATCH] zephyr: Add Kconfig and configuration for SHA on storage

Adds CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE, which
enables MCUBOOT_HASH_STORAGE_DIRECTLY for Zephyr.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
---
 boot/zephyr/Kconfig                              | 16 ++++++++++++++++
 .../include/mcuboot_config/mcuboot_config.h      |  7 +++++++
 2 files changed, 23 insertions(+)

diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index b5807cc17..a131c29a3 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -88,6 +88,22 @@ config BOOT_IMG_HASH_ALG_SHA512_ALLOW
 	help
 	  Hidden option set by configurations that allow SHA512
 
+config BOOT_IMG_HASH_DIRECTLY_ON_STORAGE
+	bool "Hash calculation functions access storage through address space"
+	depends on !BOOT_ENCRYPT_IMAGE
+	help
+	  When possible to map storage device, at least for read operations,
+	  to address space or RAM area, enabling this option allows hash
+	  calculation functions to directly access the storage through that address
+	  space or using its own DMA. This reduces flash read overhead done
+	  by MCUboot.
+	  Notes:
+	    - not supported when encrypted images are in use, because calculating
+	      SHA requires image to be decrypted first, which is done in RAM.
+	    - currently only supported on internal storage of devices; this
+	      option will not work with devices that use external storage for
+	      either of the image slots.
+
 choice BOOT_IMG_HASH_ALG
 	prompt "Selected image hash algorithm"
 	default BOOT_IMG_HASH_ALG_SHA256 if BOOT_IMG_HASH_ALG_SHA256_ALLOW
diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h
index 8d479ced7..a4e0ccefc 100644
--- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h
+++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h
@@ -141,6 +141,13 @@
 #define MCUBOOT_DECOMPRESS_IMAGES
 #endif
 
+/* Invoke hashing functions directly on storage device. This requires the device
+ * be able to map storage to address space or RAM.
+ */
+#ifdef CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE
+#define MCUBOOT_HASH_STORAGE_DIRECTLY
+#endif
+
 #ifdef CONFIG_BOOT_BOOTSTRAP
 #define MCUBOOT_BOOTSTRAP 1
 #endif