From: Andre Przywara <andre.przywara@arm.com>
To: Samuel Holland <samuel@sholland.org>
Cc: "Pali Rohár" <pali@kernel.org>,
u-boot@lists.denx.de, "Jagan Teki" <jagan@amarulasolutions.com>,
"AKASHI Takahiro" <takahiro.akashi@linaro.org>,
"Alexandru Gagniuc" <mr.nuke.me@gmail.com>,
"Baruch Siach" <baruch@tkos.co.il>,
"Bharat Gooty" <bharat.gooty@broadcom.com>,
"Chris Packham" <judge.packham@gmail.com>,
"Fabio Estevam" <festevam@gmail.com>,
"Frieder Schrempf" <frieder.schrempf@kontron.de>,
"Jernej Skrabec" <jernej.skrabec@siol.net>,
"Marek Behún" <marek.behun@nic.cz>,
"NXP i.MX U-Boot Team" <uboot-imx@nxp.com>,
"Naoki Hayama" <naoki.hayama@lineo.co.jp>,
"Patrick Delaunay" <patrick.delaunay@foss.st.com>,
"Priyanka Jain" <priyanka.jain@nxp.com>,
"Rayagonda Kokatanur" <rayagonda.kokatanur@broadcom.com>,
"Simon Glass" <sjg@chromium.org>, "Stefan Roese" <sr@denx.de>,
"Stefano Babic" <sbabic@denx.de>,
"Sughosh Ganu" <sughosh.ganu@linaro.org>,
"Trevor Woerner" <twoerner@gmail.com>,
lauri.hintsala@silabs.com
Subject: Re: [PATCH v2 1/4] tools: Separate image types which depend on OpenSSL
Date: Tue, 24 Aug 2021 01:51:31 +0100 [thread overview]
Message-ID: <20210824015131.31e17240@slackpad.fritz.box> (raw)
In-Reply-To: <bc642954-4dd3-4bd9-ac52-0631a763981d@sholland.org>
On Sun, 22 Aug 2021 12:32:40 -0500
Samuel Holland <samuel@sholland.org> wrote:
Hi Samuel,
> On 8/22/21 4:58 AM, Pali Rohár wrote:
> > Hello!
> >
> > On Saturday 21 August 2021 23:46:45 Samuel Holland wrote:
> >> Some image types always depend on OpenSSL, so they can only be included
> >> in mkimage when TOOLS_LIBCRYPTO is selected. Instead of using arbitrary
> >> preprocessor definitions, conditionally link the files.
> >>
> >> When building for platforms which use those image types, automatically
> >> select TOOLS_LIBCRYPTO, it is required for the build to complete.
> >>
> >> Signed-off-by: Samuel Holland <samuel@sholland.org>
> >> ---
> >>
> >> Changes in v2:
> >> - Refactored the first patch on top of TOOLS_LIBCRYPTO
> >>
> >> arch/arm/mach-imx/mxs/Kconfig | 2 ++
> >> arch/arm/mach-mvebu/Kconfig | 1 +
> >> scripts/config_whitelist.txt | 1 -
> >> tools/Makefile | 19 +++++--------------
> >> tools/mxsimage.c | 3 ---
> >> 5 files changed, 8 insertions(+), 18 deletions(-)
> >>
> >> diff --git a/arch/arm/mach-imx/mxs/Kconfig b/arch/arm/mach-imx/mxs/Kconfig
> >> index 9f48ffda414..24d452942a5 100644
> >> --- a/arch/arm/mach-imx/mxs/Kconfig
> >> +++ b/arch/arm/mach-imx/mxs/Kconfig
> >> @@ -3,6 +3,7 @@ if ARCH_MX23
> >> config MX23
> >> bool
> >> default y
> >> + select TOOLS_LIBCRYPTO
> >>
> >> choice
> >> prompt "MX23 board select"
> >> @@ -34,6 +35,7 @@ if ARCH_MX28
> >> config MX28
> >> bool
> >> default y
> >> + select TOOLS_LIBCRYPTO
> >>
> >> choice
> >> prompt "MX28 board select"
> >> diff --git a/arch/arm/mach-mvebu/Kconfig b/arch/arm/mach-mvebu/Kconfig
> >> index 89737a37ad9..c02521c71bc 100644
> >> --- a/arch/arm/mach-mvebu/Kconfig
> >> +++ b/arch/arm/mach-mvebu/Kconfig
> >> @@ -29,6 +29,7 @@ config ARMADA_38X
> >> bool
> >> select ARMADA_32BIT
> >> select HAVE_MVEBU_EFUSE
> >> + select TOOLS_LIBCRYPTO
> >
> > kwbimage format is used also by A375 and AXP platform. So rather put
> > this select into ARMADA_32BIT section.
>
> I can do this.
>
> > Moreover kwbimage format is used also by orion and kirkwood platforms.
> > So this dependency needs to be enabled on more places.
>
> Since you know where they should go, would you be willing to send a
> patch adding the additional "select"s?
>
> Side note: TOOLS_LIBCRYPTO=y is the default, so nobody seems to have
> noticed, but actually the build with TOOLS_LIBCRYPTO=n is broken since
> commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure
> header under CONFIG_ARMADA_38X"). So I will add a Fixes: tag in v3.
I did notice, because my host doesn't have a compatible libopenssl.
Every build fails, because kwbimage.o was unconditionally included.
My previous workaround was to disable TOOLS_LIBCRYPTO, but this didn't
help after the patch you mentioned. So your solution is a quite nice
fix, and I can stop looking for a workaround.
However this somewhat breaks again somewhat needlessly with 4/4 (when
compiling for any SUNXI board, which don't really need TOC0), but this
can be easily avoided.
Cheers,
Andre
>
> Regards,
> Samuel
>
> >> config ARMADA_38X_HS_IMPEDANCE_THRESH
> >> hex "Armada 38x USB 2.0 High-Speed Impedance Threshold (0x0 - 0x7)"
> >> diff --git a/scripts/config_whitelist.txt b/scripts/config_whitelist.txt
> >> index 2d70bf5da7c..5caaad0c3dc 100644
> >> --- a/scripts/config_whitelist.txt
> >> +++ b/scripts/config_whitelist.txt
> >> @@ -1000,7 +1000,6 @@ CONFIG_MXC_UART_BASE
> >> CONFIG_MXC_USB_FLAGS
> >> CONFIG_MXC_USB_PORT
> >> CONFIG_MXC_USB_PORTSC
> >> -CONFIG_MXS
> >> CONFIG_MXS_AUART
> >> CONFIG_MXS_AUART_BASE
> >> CONFIG_MXS_OCOTP
> >> diff --git a/tools/Makefile b/tools/Makefile
> >> index 4a86321f646..ad0e9cf9490 100644
> >> --- a/tools/Makefile
> >> +++ b/tools/Makefile
> >> @@ -94,9 +94,11 @@ ECDSA_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/ecdsa/, ecdsa-libcrypto.
> >> AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \
> >> aes-encrypt.o aes-decrypt.o)
> >>
> >> -# Cryptographic helpers that depend on openssl/libcrypto
> >> -LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \
> >> - fdt-libcrypto.o)
> >> +# Cryptographic helpers and image types that depend on openssl/libcrypto
> >> +LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := \
> >> + lib/fdt-libcrypto.o \
> >> + kwbimage.o \
> >> + mxsimage.o
> >>
> >> ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
> >>
> >> @@ -117,10 +119,8 @@ dumpimage-mkimage-objs := aisimage.o \
> >> imximage.o \
> >> imx8image.o \
> >> imx8mimage.o \
> >> - kwbimage.o \
> >> lib/md5.o \
> >> lpc32xximage.o \
> >> - mxsimage.o \
> >> omapimage.o \
> >> os_support.o \
> >> pblimage.o \
> >> @@ -155,22 +155,13 @@ fit_info-objs := $(dumpimage-mkimage-objs) fit_info.o
> >> fit_check_sign-objs := $(dumpimage-mkimage-objs) fit_check_sign.o
> >> file2include-objs := file2include.o
> >>
> >> -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_TOOLS_LIBCRYPTO),)
> >> -# Add CONFIG_MXS into host CFLAGS, so we can check whether or not register
> >> -# the mxsimage support within tools/mxsimage.c .
> >> -HOSTCFLAGS_mxsimage.o += -DCONFIG_MXS
> >> -endif
> >> -
> >> ifdef CONFIG_TOOLS_LIBCRYPTO
> >> # This affects include/image.h, but including the board config file
> >> # is tricky, so manually define this options here.
> >> HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE
> >> HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff
> >> HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER
> >> -endif
> >>
> >> -# MXSImage needs LibSSL
> >> -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),)
> >> HOSTCFLAGS_kwbimage.o += \
> >> $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "")
> >> HOSTLDLIBS_mkimage += \
> >> diff --git a/tools/mxsimage.c b/tools/mxsimage.c
> >> index 002f4b525aa..2bfbb421eb6 100644
> >> --- a/tools/mxsimage.c
> >> +++ b/tools/mxsimage.c
> >> @@ -5,8 +5,6 @@
> >> * Copyright (C) 2012-2013 Marek Vasut <marex@denx.de>
> >> */
> >>
> >> -#ifdef CONFIG_MXS
> >> -
> >> #include <errno.h>
> >> #include <fcntl.h>
> >> #include <stdio.h>
> >> @@ -2363,4 +2361,3 @@ U_BOOT_IMAGE_TYPE(
> >> NULL,
> >> mxsimage_generate
> >> );
> >> -#endif
> >> --
> >> 2.31.1
> >>
>
next prev parent reply other threads:[~2021-08-24 0:51 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-22 4:46 [PATCH v2 0/4] sunxi: TOC0 image type support Samuel Holland
2021-08-22 4:46 ` [PATCH v2 1/4] tools: Separate image types which depend on OpenSSL Samuel Holland
2021-08-22 9:58 ` Pali Rohár
2021-08-22 17:32 ` Samuel Holland
2021-08-24 0:51 ` Andre Przywara [this message]
2021-08-22 4:46 ` [PATCH v2 2/4] tools: mkimage: Add Allwinner TOC0 support Samuel Holland
2021-08-22 10:07 ` Pali Rohár
2021-08-22 17:44 ` Samuel Holland
2021-08-22 17:51 ` Pali Rohár
2021-09-06 0:29 ` Andre Przywara
2021-08-22 4:46 ` [PATCH v2 3/4] sunxi: Support SPL in both eGON and TOC0 images Samuel Holland
2021-09-06 0:30 ` Andre Przywara
2021-08-22 4:46 ` [PATCH v2 4/4] sunxi: Support building a SPL as a TOC0 image Samuel Holland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210824015131.31e17240@slackpad.fritz.box \
--to=andre.przywara@arm.com \
--cc=baruch@tkos.co.il \
--cc=bharat.gooty@broadcom.com \
--cc=festevam@gmail.com \
--cc=frieder.schrempf@kontron.de \
--cc=jagan@amarulasolutions.com \
--cc=jernej.skrabec@siol.net \
--cc=judge.packham@gmail.com \
--cc=lauri.hintsala@silabs.com \
--cc=marek.behun@nic.cz \
--cc=mr.nuke.me@gmail.com \
--cc=naoki.hayama@lineo.co.jp \
--cc=pali@kernel.org \
--cc=patrick.delaunay@foss.st.com \
--cc=priyanka.jain@nxp.com \
--cc=rayagonda.kokatanur@broadcom.com \
--cc=samuel@sholland.org \
--cc=sbabic@denx.de \
--cc=sjg@chromium.org \
--cc=sr@denx.de \
--cc=sughosh.ganu@linaro.org \
--cc=takahiro.akashi@linaro.org \
--cc=twoerner@gmail.com \
--cc=u-boot@lists.denx.de \
--cc=uboot-imx@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.