On Wed, 18 Nov 2020 at 22:03, Nico Huber nico.h@gmx.de wrote:
The vboot dependency has been a PITA for a while. I'll happily accept patches that make it less of a pain even if that means a little more maintenance effort. I'd even accept a local hash implementation.
That's an option. That isn't what was proposed though. The proposal was "I don't need this, it annoys me, let's drop it".
But I wonder, if that were a policy, would vboot have such implementations? I'm sure they weren't the first. Maybe there were even concerns about external code?
Suitable license (rules out everything GNU for GPL3+, OpenSSL + offspring for their advertising clause or tomcrypt for not having a license), somewhat recently maintained (rules out libtomcrypt and SPARK crypto), suitable for embedded purposes (rules out Java implementations). Exactly the issues coreboot would face when selecting an implementation to copy. Just that by the time coreboot had to consider hashing data, vboot existed, it ticked the right boxes, and some people with overlap to coreboot were familiar with it.
Patrick