From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89100C433EF for ; Tue, 19 Oct 2021 10:42:05 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id F3B9C60E90 for ; Tue, 19 Oct 2021 10:42:04 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org F3B9C60E90 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 3D44E82DB3; Tue, 19 Oct 2021 12:42:02 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=arm.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Received: by phobos.denx.de (Postfix, from userid 109) id AF8EC82DB4; Tue, 19 Oct 2021 12:41:59 +0200 (CEST) Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by phobos.denx.de (Postfix) with ESMTP id 2049882D95 for ; Tue, 19 Oct 2021 12:41:55 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=andre.przywara@arm.com Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 81AB8D6E; Tue, 19 Oct 2021 03:41:54 -0700 (PDT) Received: from donnerap.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 47CAA3F70D; Tue, 19 Oct 2021 03:41:53 -0700 (PDT) Date: Tue, 19 Oct 2021 11:41:50 +0100 From: Andre Przywara To: "Alex G." Cc: Samuel Holland , u-boot@lists.denx.de, Jagan Teki , Pali =?UTF-8?B?Um9ow6Fy?= , Chris Packham , "NXP i.MX U-Boot Team" , Naoki Hayama , Joel Stanley Subject: Re: [PATCH v3 1/4] tools: Separate image types which depend on OpenSSL Message-ID: <20211019114150.1773cbfc@donnerap.cambridge.arm.com> In-Reply-To: <1a532861-99bd-241f-8551-65541fa58052@gmail.com> References: <20211015031916.44461-1-samuel@sholland.org> <20211015031916.44461-2-samuel@sholland.org> <1a532861-99bd-241f-8551-65541fa58052@gmail.com> Organization: ARM X-Mailer: Claws Mail 3.17.5 (GTK+ 2.24.32; aarch64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean On Mon, 18 Oct 2021 09:09:04 -0500 "Alex G." wrote: Hi, > On 10/14/21 10:19 PM, Samuel Holland wrote: > > Some image types (kwbimage and mxsimage) always depend on OpenSSL, so > > they can only be included in mkimage when TOOLS_LIBCRYPTO is selected. > > Use Makefile logic to conditionally link the files. > >=20 > > When building for platforms which use those image types, automatically > > select TOOLS_LIBCRYPTO, since it is required for the build to complete. > >=20 > > Signed-off-by: Samuel Holland =20 >=20 > NAK. >=20 > The intent, as detailed in tools/Makefile, is to _NOT_ to conflate=20 > target options with tools options. I am a bit undecided, because I think the intent was more for *just* building mkimage (tools-only_defconfig, for the u-boot-tools distro package, for instance). (Which doesn't seem to work, btw, with or without this patch.) However just building mkimage because it's needed to create a certain board firmware is a different story, I think, and including OpenSSL (if the platform requires that) is hardly a user's choice at this point. But anyway: Samuel, what is the actual problem this patch is solving? TOOLS_LIBCRYPTO is default y, so normally (make foo_defconfig; make) everything should be fine? And it only breaks if a user deliberately and manually deselects it, between "make foo_defconfig" and "make"? So this patch is somewhat optional, at least for the purpose of TOC0 support? Cheers, Andre > Disabling openssl libs is purely at the user's discretion. If platforms=20 > can't build a usable image, I suggest just printing a loud warning=20 > instead of overriding the user. >=20 > Alex >=20 > > --- > >=20 > > Changes in v3: > > - Selected TOOLS_LIBCRYPTO on all platforms that use kwbimage (as best > > as I can tell, using the suggestions from Pali Roh=C3=A1r) > >=20 > > Changes in v2: > > - Refactored the first patch on top of TOOLS_LIBCRYPTO > >=20 > > arch/arm/Kconfig | 3 +++ > > arch/arm/mach-imx/mxs/Kconfig | 2 ++ > > scripts/config_whitelist.txt | 1 - > > tools/Makefile | 19 +++++-------------- > > tools/mxsimage.c | 3 --- > > 5 files changed, 10 insertions(+), 18 deletions(-) > >=20 > > diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig > > index d8c041a877..380ad4f670 100644 > > --- a/arch/arm/Kconfig > > +++ b/arch/arm/Kconfig > > @@ -566,6 +566,7 @@ config ARCH_KIRKWOOD > > select BOARD_EARLY_INIT_F > > select CPU_ARM926EJS > > select GPIO_EXTRA_HEADER > > + select TOOLS_LIBCRYPTO > > =20 > > config ARCH_MVEBU > > bool "Marvell MVEBU family (Armada XP/375/38x/3700/7K/8K)" > > @@ -580,12 +581,14 @@ config ARCH_MVEBU > > select OF_CONTROL > > select OF_SEPARATE > > select SPI > > + select TOOLS_LIBCRYPTO > > imply CMD_DM > > =20 > > config ARCH_ORION5X > > bool "Marvell Orion" > > select CPU_ARM926EJS > > select GPIO_EXTRA_HEADER > > + select TOOLS_LIBCRYPTO > > =20 > > config TARGET_STV0991 > > bool "Support stv0991" > > diff --git a/arch/arm/mach-imx/mxs/Kconfig b/arch/arm/mach-imx/mxs/Kcon= fig > > index b2026a3758..6f138d25e9 100644 > > --- a/arch/arm/mach-imx/mxs/Kconfig > > +++ b/arch/arm/mach-imx/mxs/Kconfig > > @@ -3,6 +3,7 @@ if ARCH_MX23 > > config MX23 > > bool > > default y > > + select TOOLS_LIBCRYPTO > > =20 > > choice > > prompt "MX23 board select" > > @@ -34,6 +35,7 @@ if ARCH_MX28 > > config MX28 > > bool > > default y > > + select TOOLS_LIBCRYPTO > > =20 > > choice > > prompt "MX28 board select" > > diff --git a/scripts/config_whitelist.txt b/scripts/config_whitelist.txt > > index 3a6865dc70..bea6b6f83b 100644 > > --- a/scripts/config_whitelist.txt > > +++ b/scripts/config_whitelist.txt > > @@ -838,7 +838,6 @@ CONFIG_MXC_UART_BASE > > CONFIG_MXC_USB_FLAGS > > CONFIG_MXC_USB_PORT > > CONFIG_MXC_USB_PORTSC > > -CONFIG_MXS > > CONFIG_MXS_AUART > > CONFIG_MXS_AUART_BASE > > CONFIG_MXS_OCOTP > > diff --git a/tools/Makefile b/tools/Makefile > > index 999fd46531..a9b3d982d8 100644 > > --- a/tools/Makefile > > +++ b/tools/Makefile > > @@ -94,9 +94,11 @@ ECDSA_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) :=3D $(addprefi= x lib/ecdsa/, ecdsa-libcrypto. > > AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) :=3D $(addprefix lib/aes/, \ > > aes-encrypt.o aes-decrypt.o) > > =20 > > -# Cryptographic helpers that depend on openssl/libcrypto > > -LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) :=3D $(addprefix lib/, \ > > - fdt-libcrypto.o) > > +# Cryptographic helpers and image types that depend on openssl/libcryp= to > > +LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) :=3D \ > > + lib/fdt-libcrypto.o \ > > + kwbimage.o \ > > + mxsimage.o > > =20 > > ROCKCHIP_OBS =3D lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o > > =20 > > @@ -118,10 +120,8 @@ dumpimage-mkimage-objs :=3D aisimage.o \ > > imximage.o \ > > imx8image.o \ > > imx8mimage.o \ > > - kwbimage.o \ > > lib/md5.o \ > > lpc32xximage.o \ > > - mxsimage.o \ > > omapimage.o \ > > os_support.o \ > > pblimage.o \ > > @@ -156,22 +156,13 @@ fit_info-objs :=3D $(dumpimage-mkimage-objs) fi= t_info.o > > fit_check_sign-objs :=3D $(dumpimage-mkimage-objs) fit_check_sign.o > > file2include-objs :=3D file2include.o > > =20 > > -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_TOOLS_LIBCRYPTO),) > > -# Add CONFIG_MXS into host CFLAGS, so we can check whether or not regi= ster > > -# the mxsimage support within tools/mxsimage.c . > > -HOSTCFLAGS_mxsimage.o +=3D -DCONFIG_MXS > > -endif > > - > > ifdef CONFIG_TOOLS_LIBCRYPTO > > # This affects include/image.h, but including the board config file > > # is tricky, so manually define this options here. > > HOST_EXTRACFLAGS +=3D -DCONFIG_FIT_SIGNATURE > > HOST_EXTRACFLAGS +=3D -DCONFIG_FIT_SIGNATURE_MAX_SIZE=3D0xffffffff > > HOST_EXTRACFLAGS +=3D -DCONFIG_FIT_CIPHER > > -endif > > =20 > > -# MXSImage needs LibSSL > > -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_= LIBCRYPTO),) > > HOSTCFLAGS_kwbimage.o +=3D \ > > $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") > > HOSTLDLIBS_mkimage +=3D \ > > diff --git a/tools/mxsimage.c b/tools/mxsimage.c > > index 002f4b525a..2bfbb421eb 100644 > > --- a/tools/mxsimage.c > > +++ b/tools/mxsimage.c > > @@ -5,8 +5,6 @@ > > * Copyright (C) 2012-2013 Marek Vasut > > */ > > =20 > > -#ifdef CONFIG_MXS > > - > > #include > > #include > > #include > > @@ -2363,4 +2361,3 @@ U_BOOT_IMAGE_TYPE( > > NULL, > > mxsimage_generate > > ); > > -#endif > > =20