From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: Tom Rini <trini@konsulko.com>
Cc: AKASHI Takahiro <takahiro.akashi@linaro.org>,
Vagrant Cascadian <vagrant@debian.org>,
Simon Glass <sjg@chromium.org>,
Sughosh Ganu <sughosh.ganu@linaro.org>,
u-boot@lists.denx.de
Subject: Re: [PATCH 1/1] configs: add mkeficapsule to tools-only_defconfig
Date: Thu, 9 Sep 2021 14:31:18 +0200 [thread overview]
Message-ID: <2523ea01-f3c1-79ea-a79b-f92aaa5f66bb@gmx.de> (raw)
In-Reply-To: <20210909114615.GW12964@bill-the-cat>
On 9/9/21 1:46 PM, Tom Rini wrote:
> On Thu, Sep 09, 2021 at 05:30:36PM +0900, AKASHI Takahiro wrote:
>> On Thu, Sep 09, 2021 at 09:27:50AM +0200, Heinrich Schuchardt wrote:
>>> On 9/9/21 8:09 AM, AKASHI Takahiro wrote:
>>>> On Thu, Sep 09, 2021 at 07:27:10AM +0200, Heinrich Schuchardt wrote:
>>>>> mkeficapsule is used to create capsules for UEFI firmware update.
>>>>> To ease inclusion into U-Boot tools packages of Linux distributions we
>>>>> should add it to the tools-only_defconfig.
>>>>>
>>>>> Provide dummy values for CONFIG_AVB_BUF_ADDR, CONFIG_AVB_BUF_SIZE to
>>>>> satisfy Kconfig.
>>>>>
>>>>> Suggested-by: Vagrant Cascadian <vagrant@debian.org>
>>>>> Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
>>>>> ---
>>>>> configs/tools-only_defconfig | 7 ++++++-
>>>>> 1 file changed, 6 insertions(+), 1 deletion(-)
>>>>>
>>>>> diff --git a/configs/tools-only_defconfig b/configs/tools-only_defconfig
>>>>> index f54bc1802c..8a20d3fb05 100644
>>>>> --- a/configs/tools-only_defconfig
>>>>> +++ b/configs/tools-only_defconfig
>>>>> @@ -5,6 +5,8 @@ CONFIG_ANDROID_BOOT_IMAGE=y
>>>>> CONFIG_FIT=y
>>>>> CONFIG_FIT_SIGNATURE=y
>>>>> CONFIG_MISC_INIT_F=y
>>>>> +CONFIG_AVB_BUF_ADDR=0x0
>>>>> +CONFIG_AVB_BUF_SIZE=0x8192
>>>>> # CONFIG_CMD_BOOTD is not set
>>>>> # CONFIG_CMD_BOOTM is not set
>>>>> # CONFIG_CMD_ELF is not set
>>>>> @@ -29,4 +31,7 @@ CONFIG_SYSRESET=y
>>>>> # CONFIG_VIRTIO_MMIO is not set
>>>>> # CONFIG_VIRTIO_PCI is not set
>>>>> # CONFIG_VIRTIO_SANDBOX is not set
>>>>> -# CONFIG_EFI_LOADER is not set
>>>>> +CONFIG_EFI_CAPSULE_ON_DISK=y
>>>>> +CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
>>>>> +CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
>>>>> +CONFIG_EFI_CAPSULE_AUTHENTICATE=y
>>>>
>>>> I think that we should use the way that I suggested in my patch[1].
>>>>
>>>> -Takahiro Akashi
>>>>
>>>> [1] https://lists.denx.de/pipermail/u-boot/2021-August/459349.html
>>>
>>> Your patch [1] still requires some rework:
>>> https://patchwork.ozlabs.org/project/uboot/patch/20210831024659.53464-2-takahiro.akashi@linaro.org/
>>>
>>> [1] changes what mkeficapsule looks like and this patch makes it
>>> available in tools-only_defconfig?
>>>
>>> Aren't these two patches complementary?
>>
>> With my patch applied, the only option we need to compile mkeficapsule is:
>> CONFIG_TOOLS_MKEFICAPSULE
>> (and optionally CONFIG_TOOLS_LIBCRYPTO)
>>
>> There is no target-config dependency as you have expected.
>
> There's two issues. First, the general one is that when just building
> host tools (typically to package up in a distribution of some sort), it
> shouldn't depend on how "U-Boot" was configured (set aside the default
> environment problem). CONFIG_TOOLS_LIBCRYPTO is the exception here as
Agreed. That is why in response to [1] I asked Takahiro to change the
patch such that it covers both signed and unsigned capsules. I don't
want two different versions.
Currently the tool is not build at all if
CONFIG_EFI_HAVE_CAPSULE_SUPPORT is not selected. Do I understand you
right that this dependency should be lifted?
> it's how we make things reproducible at least, with respect to libcrypto
> related requirements. The second is that "tools-only_defconfig" is
> what's used when configuring U-Boot (as tools care about
> CONFIG_TOOLS_LIBCRYPTO but also LOCALVERSION).
>
> That said, I would like to know why AVB stuff comes in for building
> mkeficapsule. Is there shared code? If so, are these dummy variables
> OK and not going to cause a problem?
>
AVB_VERIFY is implied by SANDBOX and depends on PARTITION_UUIDS.
CONFIG_EFI_HAVE_CAPSULE_SUPPORT requires EFI_LOADER.
EFI_LOADER selects PARTITION_UUIDS.
Best regards
Heinrich
next prev parent reply other threads:[~2021-09-09 12:31 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-09 5:27 [PATCH 1/1] configs: add mkeficapsule to tools-only_defconfig Heinrich Schuchardt
2021-09-09 6:09 ` AKASHI Takahiro
2021-09-09 7:27 ` Heinrich Schuchardt
2021-09-09 8:30 ` AKASHI Takahiro
2021-09-09 11:46 ` Tom Rini
2021-09-09 12:10 ` AKASHI Takahiro
2021-09-09 12:15 ` Tom Rini
2021-09-09 12:47 ` AKASHI Takahiro
2021-09-09 13:02 ` Tom Rini
2021-09-10 2:17 ` AKASHI Takahiro
2021-09-10 3:14 ` Tom Rini
2021-09-09 12:31 ` Heinrich Schuchardt [this message]
2021-09-09 12:44 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2523ea01-f3c1-79ea-a79b-f92aaa5f66bb@gmx.de \
--to=xypron.glpk@gmx.de \
--cc=sjg@chromium.org \
--cc=sughosh.ganu@linaro.org \
--cc=takahiro.akashi@linaro.org \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
--cc=vagrant@debian.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.