All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH] host-rauc: Allow use of host-libp11 for crypto hardware support
@ 2019-02-23  2:23 Trent Piepho
  2019-06-23 16:04 ` Thomas Petazzoni
  0 siblings, 1 reply; 2+ messages in thread
From: Trent Piepho @ 2019-02-23  2:23 UTC (permalink / raw)
  To: buildroot

To use a private key stored on a hardware crypto module, such as an HSM
or smart card, rauc needs OpenSSL to have support for pkcs11 modules.
OpenSSL achieves this through the libp11 library.

The libp11 engine for OpenSSL is a dynamic module, so the dependency is
at rauc's runtime, rather than openssl's or rauc's build time.  However,
it still needs to be added as a dependency, so that anything that uses
host-rauc when building can be assured that host-rauc is fully
functional.

As this is a runtime dependency, there's no need for a target
dependency.  And it's only used for signing updates, which isn't done on
the target anyway.

Signed-off-by: Trent Piepho <tpiepho@impinj.com>
---
To work, this requires the patch to add libp11, 
https://patchwork.ozlabs.org/patch/1009607/

 package/rauc/rauc.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/rauc/rauc.mk b/package/rauc/rauc.mk
index 3848a010b3..92a5717544 100644
--- a/package/rauc/rauc.mk
+++ b/package/rauc/rauc.mk
@@ -30,6 +30,7 @@ RAUC_DEPENDENCIES += systemd
 endif
 
 HOST_RAUC_DEPENDENCIES = host-pkgconf host-openssl host-libglib2 host-squashfs
+HOST_RAUC_DEPENDENCIES += $(if $(BR2_PACKAGE_HOST_LIBP11),host-libp11)
 HOST_RAUC_CONF_OPTS += --disable-network --disable-json --disable-service
 
 $(eval $(autotools-package))
-- 
2.14.4

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* [Buildroot] [PATCH] host-rauc: Allow use of host-libp11 for crypto hardware support
  2019-02-23  2:23 [Buildroot] [PATCH] host-rauc: Allow use of host-libp11 for crypto hardware support Trent Piepho
@ 2019-06-23 16:04 ` Thomas Petazzoni
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2019-06-23 16:04 UTC (permalink / raw)
  To: buildroot

On Sat, 23 Feb 2019 02:23:51 +0000
Trent Piepho <tpiepho@impinj.com> wrote:

> To use a private key stored on a hardware crypto module, such as an HSM
> or smart card, rauc needs OpenSSL to have support for pkcs11 modules.
> OpenSSL achieves this through the libp11 library.
> 
> The libp11 engine for OpenSSL is a dynamic module, so the dependency is
> at rauc's runtime, rather than openssl's or rauc's build time.  However,
> it still needs to be added as a dependency, so that anything that uses
> host-rauc when building can be assured that host-rauc is fully
> functional.
> 
> As this is a runtime dependency, there's no need for a target
> dependency.  And it's only used for signing updates, which isn't done on
> the target anyway.
> 
> Signed-off-by: Trent Piepho <tpiepho@impinj.com>
> ---
> To work, this requires the patch to add libp11, 
> https://patchwork.ozlabs.org/patch/1009607/

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-06-23 16:04 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-23  2:23 [Buildroot] [PATCH] host-rauc: Allow use of host-libp11 for crypto hardware support Trent Piepho
2019-06-23 16:04 ` Thomas Petazzoni

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.