René Reuter wrote:
> - Another library with SHA-2 family is hard to find
LibTom has the code, I've used it in mysql-sha256 and it works well. http://git.stuge.se/?p=mysql-sha256.git
> and I can't use any untrusted or unmaintained code in my thesis, but thanks for that.
This is a very surprising statement from an author on the topic of trust.
What constitutes untrusted for you? Is upstream OpenSSL the only trusted code? Or is it debian OpenSSL? (I don't care that the problem was in debian in particular, it is just an example.)
Why is unmaintained code a problem at all? Did you investigate why LibTom is unmaintained? I think it matters.
http://it.slashdot.org/comments.pl?sid=191594&cid=15743508 is a good read too. (Yes, same Tom.)
> Hopefully in future, it will be easier to link foreign packages in Coreboot.
Don't hold your breath. I do not expect that this will change much for reasons described by Carl-Daniel, and in particular any change should not happen in coreboot.
"Foreign packages" are not written with the boot environment in mind, thus they do not function well there. This is true also for the very foundation of open source "foreign packages" namely gcc. The reason is simple; the boot environment is different enough from an operating system environment to cause a lot of problems in common assumptions made in software.
I think you could have gotten some good advice in time to make your demo run had you gotten in touch earlier during your thesis work. :\
//Peter