From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=VWcL=PD=lists.denx.de=u-boot-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A8259C433EF
	for <u-boot@archiver.kernel.org>; Fri, 15 Oct 2021 20:31:05 +0000 (UTC)
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id BA94E60E97
	for <u-boot@archiver.kernel.org>; Fri, 15 Oct 2021 20:31:04 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org BA94E60E97
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=kernel.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id E08A4836B6;
	Fri, 15 Oct 2021 22:31:01 +0200 (CEST)
Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=kernel.org
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key; unprotected) header.d=kernel.org header.i=@kernel.org header.b="UpZ+xWH7";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id D62F8836B6; Fri, 15 Oct 2021 22:30:59 +0200 (CEST)
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id EB70A836A7
 for <u-boot@lists.denx.de>; Fri, 15 Oct 2021 22:30:55 +0200 (CEST)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=kernel.org
Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=pali@kernel.org
Received: by mail.kernel.org (Postfix) with ESMTPSA id 44F1460E97;
 Fri, 15 Oct 2021 20:30:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
 s=k20201202; t=1634329852;
 bh=hmFAjBVHXi+2RWC0wuF88QAupc03j6ahAujHJhZRONg=;
 h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
 b=UpZ+xWH7OfAULaM9QSTVclp8SAAra3zaMO2OnITa4/B9HHenutwwiP5E0UWAbiWZ6
 gLDtquTT2YWAxxEqTWbondZWAOXRvuZ/9LyjQhaRFS6KJa2GMIOIEcR+a+2v8KUPjo
 MQbSqOOi3k8vgkGmt+h2O3gNHsb2VBvx54iRnMRZOsfn+Hbqpa11lYbo3linN3XoHn
 d32E1T4mZH0KvqXGzIgVhFDfyJbA6iLVHeHpyKZ7cz7wQpRNb3MdLL8AfBvyralHZy
 eqXLcxDgDdcsjWMykA1mUVdWJdIwTdn73vyVOX6I/eu24Smwf8X3XUi90yH0IFZY04
 zizv7zyMPW54g==
Received: by pali.im (Postfix)
 id C3F9180A; Fri, 15 Oct 2021 22:30:49 +0200 (CEST)
Date: Fri, 15 Oct 2021 22:30:49 +0200
From: Pali =?utf-8?B?Um9ow6Fy?= <pali@kernel.org>
To: "Alex G." <mr.nuke.me@gmail.com>
Cc: Jernej =?utf-8?Q?=C5=A0krabec?= <jernej.skrabec@gmail.com>,
 u-boot@lists.denx.de
Subject: Re: Broken build with disabling OpenSSL crypto
Message-ID: <20211015203049.kaky7lbffbgh2fvx@pali>
References: <18564205.Z0HQFNUZ9R@kista>
 <544c0c86-ca3f-036e-2523-3f973105410a@gmail.com>
 <20211015113411.t2jltrmjggw7arb2@pali>
 <04979a7d-3f1b-9493-ba8c-39a0d893e5b4@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <04979a7d-3f1b-9493-ba8c-39a0d893e5b4@gmail.com>
User-Agent: NeoMutt/20180716
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de
X-Virus-Status: Clean

On Friday 15 October 2021 09:35:43 Alex G. wrote:
> On 10/15/21 6:34 AM, Pali Rohár wrote:
> > On Wednesday 06 October 2021 17:05:24 Alex G. wrote:
> > > Hi Jernej,
> > > 
> > > On 10/6/21 4:27 PM, Jernej Škrabec wrote:
> > > > Hi everyone!
> > > > 
> > > > Commit cb9faa6f98ae ("tools: Use a single target-independent config to enable
> > > > OpenSSL") recently introduced option to disable usage of OpenSSL via
> > > > CONFIG_TOOLS_LIBCRYPTO. However, just a bit later, another commit b4f3cc2c42d9
> > > > ("tools: kwbimage: Do not hide usage of secure header under
> > > > CONFIG_ARMADA_38X") made U-Boot tools hard dependent on OpenSSL. That totally
> > > > defeats the purpose of first commit. I suggest that it gets reverted.
> > > > 
> > > > I would like disable OpenSSL for my usage, since it gives me troubles when
> > > > cross-compiling U-Boot inside LibreELEC build system. It's not needed for our
> > > > case anyway.
> > > > 
> > > > Best regards,
> > > > 
> > > 
> > > Can you please give the following diff a try, and if it works for you, submit as patch?
> > 
> > This change is incorrect and will break mvebu builds. mvebu requires
> > kwbimage for building boot images and so you cannot disable it or make
> > it optional.
> > 
> 
> If kwbimage is required and missing the CI builds and tests don't catch
> that. I ran buildman with the change, and nothing broke. Sounds like that
> needs to be addressed.

It is possible that tests do not covert all scenarios.

> That being said, I'm not okay with making everyone a slave to OpenSSL
> because of any given platform.
> 
> I propose to revert commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage
> of secure header under CONFIG_ARMADA_38X"), and rework it such that it
> doesn't force libcrypto on everyone. And we very likely need a CI test
> against libcrypto linkage when TOOLS_LIBCRYPTO is not set.

Reverting that commit is not a solution as it can lead to broken
kwbimage (when crypto stuff is not enabled). Plus there is lot of other
changes and fixes in kwboot and kwbimage...

Some information with another approach how to solve build issues are in
this email:
https://lore.kernel.org/u-boot/20211015114735.rig3e4cuc7mn6a7e@pali/

> Alex
> 
> > > 
> > > diff --git a/tools/Makefile b/tools/Makefile
> > > index 4a86321f64..7f72ff9645 100644
> > > --- a/tools/Makefile
> > > +++ b/tools/Makefile
> > > @@ -96,7 +96,8 @@ AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \
> > > 
> > >   # Cryptographic helpers that depend on openssl/libcrypto
> > >   LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \
> > > -					fdt-libcrypto.o)
> > > +					fdt-libcrypto.o) \
> > > +					kwbimage.o
> > > 
> > >   ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
> > > 
> > > @@ -117,7 +118,6 @@ dumpimage-mkimage-objs := aisimage.o \
> > >   			imximage.o \
> > >   			imx8image.o \
> > >   			imx8mimage.o \
> > > -			kwbimage.o \
> > >   			lib/md5.o \
> > >   			lpc32xximage.o \
> > >   			mxsimage.o \
> > > @@ -169,8 +169,8 @@ HOST_EXTRACFLAGS	+= -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff
> > >   HOST_EXTRACFLAGS	+= -DCONFIG_FIT_CIPHER
> > >   endif
> > > 
> > > -# MXSImage needs LibSSL
> > > -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),)
> > > +# MXSImage needs LibSSL <- Nope! Read the frogging notice at the top
> > > +ifneq ($(CONFIG_TOOLS_LIBCRYPTO),)
> > >   HOSTCFLAGS_kwbimage.o += \
> > >   	$(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "")
> > >   HOSTLDLIBS_mkimage += \