From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.2 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5FA5AC4743C for ; Mon, 21 Jun 2021 20:35:49 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id CE0C860FE6 for ; Mon, 21 Jun 2021 20:35:48 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CE0C860FE6 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=konsulko.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 46A16829BE; Mon, 21 Jun 2021 22:35:46 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=konsulko.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=konsulko.com header.i=@konsulko.com header.b="tk2bMDlt"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 7B202829BF; Mon, 21 Jun 2021 22:35:44 +0200 (CEST) Received: from mail-qk1-x730.google.com (mail-qk1-x730.google.com [IPv6:2607:f8b0:4864:20::730]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 07C92829B9 for ; Mon, 21 Jun 2021 22:35:41 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=konsulko.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=trini@konsulko.com Received: by mail-qk1-x730.google.com with SMTP id bj15so32142408qkb.11 for ; Mon, 21 Jun 2021 13:35:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=J++Ade9yK9bgxuDKdP/Aj3WnrvXOu9ZuOR3svIn6hd0=; b=tk2bMDltg4T6BB/ECLnIjC16ciTsR4McBeyLZiEK4XOBXs8kl5jQ2zFm2zYie05klR Rf/GGrknTWTZTnzv4fpjZsHU+N+Lr5f+9XdlHdmkja/imN6G2qwfXFoOtu+78vmjrwi9 8xi6z0oU5XG4x2YExHHQtFxFx3ZIbQmzbta6Q= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=J++Ade9yK9bgxuDKdP/Aj3WnrvXOu9ZuOR3svIn6hd0=; b=TSIB5CNJivpTf5PjQvvvZhoHDAOouqZB89Qyjo0jajXBQRx+WuASeAoT5qCX0tyhD8 kMLYJ+ChNKsgvP8qfE23cjkdtW26ZuKfn0PyTAa1M5v6Hdm9jfq6wzpYspZeCwOZElnF /b0rZCP8PbBTiCpg3XhoQ33az2smV+t6IIXPdV93WNJhtDUyCdbWAKQfy7jNmcqgNyGt snj/B4L+bA2vWXHDavwowrJROkcERIBxkJHfPZ2YsSWMf6XVruuYGKBgTCctOv4ISbRz 5N1xzM4cTONy9+VoAwpLj5W8IgttgV47z9ukDdAX+kAZzhNs1TUgAszP5+4mQHLUxKEn 8wng== X-Gm-Message-State: AOAM5333G6oaWEZE9z1gIxtFFmbLPTKhcLFFIZXNlrgnL31Yuosp9bR+ mHoQnttEpI3c3yhKDYePQTwKMw== X-Google-Smtp-Source: ABdhPJxQSjXKXzcIaH21keFyymVUSaOphdejgAgaVpWQ129qGOnxIVmwJecdC2+VjQhD6D808BsZaA== X-Received: by 2002:a37:9dcf:: with SMTP id g198mr510292qke.159.1624307739861; Mon, 21 Jun 2021 13:35:39 -0700 (PDT) Received: from bill-the-cat (2603-6081-7b01-cbda-c83e-0f88-3796-f27b.res6.spectrum.com. [2603:6081:7b01:cbda:c83e:f88:3796:f27b]) by smtp.gmail.com with ESMTPSA id y18sm143771qtj.53.2021.06.21.13.35.38 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Mon, 21 Jun 2021 13:35:38 -0700 (PDT) Date: Mon, 21 Jun 2021 16:35:37 -0400 From: Tom Rini To: Andre Przywara Cc: Samuel Holland , Jagan Teki , Hans de Goede , u-boot@lists.denx.de, Simon Glass , Jernej =?utf-8?Q?=C5=A0krabec?= Subject: Re: [PATCH 0/4] sunxi: TOC0 image type support Message-ID: <20210621203537.GN9516@bill-the-cat> References: <20210621025555.19390-1-samuel@sholland.org> <20210621164300.231e3a11@slackpad.fritz.box> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="K1/tOCybnF1NXzbH" Content-Disposition: inline In-Reply-To: <20210621164300.231e3a11@slackpad.fritz.box> X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.9.4 (2018-02-28) X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean --K1/tOCybnF1NXzbH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jun 21, 2021 at 04:43:00PM +0100, Andre Przywara wrote: > On Sun, 20 Jun 2021 21:55:51 -0500 > Samuel Holland wrote: >=20 > (CC:ing Tom and Simon for the compatibility problem below) >=20 > Hi, >=20 > > This series adds support for the TOC0 image format used by the Allwinner > > secure boot ROM (SBROM). This series has been tested on the following > > SoCs/boards, with the eFuse burnt to enable secure mode: > > - A64: Pine A64 Plus > > - H5: Orange Pi Zero Plus > > - H6: Pine H64 Model B > > - H616: Orange Pi Zero 2 >=20 > many thanks for sending this. In general this looks good (will do a > more thorough review soon), just one thing that bothered me: >=20 > This requires OpenSLL 1.1.x. There is nothing really wrong about this, > but my (admittedly not the freshest) Slackware, but also long term > distros like RHEL/CentOS (<=3D7), still come with 1.0.x (headers) only. >=20 > I was wondering how important this is? I have the impression that > embedded developers sometimes use old^Wstable systems, so some people > might be bitten by it. I think in this case it will affect all user > trying to build mkimage, regardless of the target platform? >=20 > So I wanted to know what to do here? > - Can we provide some kind of compatibility support? OpenSSL seems > to provide something: > https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes#Compatibility_La= yer > Haven't tested that fully yet, just downloading that tarball > does not seem to cut it (or is missing files?). I guess one needs to > copy&paste some code from the Wiki? > - Shall we detect missing v1.1.x support (via #if OPENSSL_VERSION_NUMBER > < 0x10100000L) and disable just sunxi_toc0 support in this case? There's two things. First, the series should be on top of (sorry!) https://patchwork.ozlabs.org/project/uboot/patch/20210524202317.1492578-1-m= r.nuke.me@gmail.com/ which adds a similar Kconfig option to make building tools easier. Second, while I think not supporting openssl 1.0.x is fine, I would like to again ask for someone to spend the time looking at switching to one of the GPL-compatible libraries as I'm pretty sure it's been raised a few times that we can't link with openssl like we do. This isn't a blocker for the series, just an ask for help with a known problem. Thanks! --=20 Tom --K1/tOCybnF1NXzbH Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmDQ+A8ACgkQFHw5/5Y0 tyzLYwv/U5jUj0KgDPoJvYA/t9Z5LCAD1SibQ31mBcV6wwgvq17RyADHmT/3KdVl GJFVnbZbiXMnJ/Ce675r7LTs6OoMrkyJZnecHFHqnmKOQZqiUVnrF1U4yJ0YUCfu ARu5P6KyZKQ8JvlxmwIYCUilD8YseucY50pJ2G+Ctwq/GN641eHtH8bmH/v6eeuR n+yK8Q0bhjXpDhhJvFQUt3cM+N3HfZYDTLPU/wZvJ+7RTju8EDFYqUvRdv7ZH9+z QVODcM/SCcneiYVfT1S9ponGE4vUNWu8qQ2m7Db1et+1M8+746PgqqTg7xOjmUeN 9WewBgMhD50FFG4Ufqp/OwwDVNHTjt8SO0fSWRfeBuS4TbRRjB5NwTLhvHq8w7MB fWF1tNXnufEeDUavkAHFgcH7IyXoyvVtB9f/A7z5s9Rf1tX146xTQ2JI23q1OVDG tLs3RvlAZVP++Jfpd4ThGoMxzxcX3242Sf5pyjZ3Kto6VKyCK/gnqw7UFvae5I4E +qP8hAEu =ZFrF -----END PGP SIGNATURE----- --K1/tOCybnF1NXzbH--