From mboxrd@z Thu Jan 1 00:00:00 1970 From: Heinrich Schuchardt Date: Tue, 15 Oct 2019 13:10:02 +0200 Subject: [U-Boot] [PATCH v1 00/11] import x509/pkcs7 parsers from linux In-Reply-To: <20191015085640.GL18778@linaro.org> References: <20191011074200.30269-1-takahiro.akashi@linaro.org> <20191011075507.GF18778@linaro.org> <2cee5152-3dea-5592-b7e5-590c95ece109@gmx.de> <20191015031819.GH18778@linaro.org> <8f301c7e-1bbc-a45f-9f43-ab107db291f4@gmx.de> <20191015085640.GL18778@linaro.org> Message-ID: <4356baa8-9755-791b-1285-3acef0357b7b@gmx.de> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On 10/15/19 10:56 AM, AKASHI Takahiro wrote: > On Tue, Oct 15, 2019 at 07:33:18AM +0200, Heinrich Schuchardt wrote: >> On 10/15/19 5:18 AM, AKASHI Takahiro wrote: >>> On Sat, Oct 12, 2019 at 03:02:09PM +0200, Heinrich Schuchardt wrote: >>>> On 10/11/19 9:55 AM, AKASHI Takahiro wrote: >>>>> I hope this patch set will be reviewed promptly as I'm aiming to >>>>> push my "UEFI secure boot" patch for v2020.01. >>>>> >>>> >>>> How can I make all of these new files being built to check for build >>>> warnings? >>> >>> As always in my case of UEFI secure boot, they have gone through build and >>> run/tests as part of UEFI secure boot. This is also true for RSA >>> extension as UEFI secure boot is the only user of those features. >> >> Did you run them through Travis? >> >>> >>> Please note that almost of all the code here come from the latest >>> linux code without any changes. A few changes that I made are >>> quite U-Boot/UEFI-secure-boot specific and is *best* tested through >>> UEFI secure boot test. >>> >>> That said, you can at least build the code by enabling >>> Library routines >>> Security support >>> Asymmetric Key Support >>> CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE >>> CONFIG_X509_CERTIFICATE_PARSER >>> CONFIG_PKCS7_MESSAGE_PARSER >>> >>>> Please, provide unit tests for the patch series. >>> >>> As I said above, it will be exercised and tested under UEFI secure boot >>> test. >> >> If there is nothing I can test now, I would not know how to evaluate >> these patches. > > Do you ask me to write "unit tests" to test all the aspects of > asn1 compiler and parsers that I have not developed any part of > and that are not changed from the original? > Doesn't make sense. Wouldn't it be enough to ASN1-compile one file and check the MD5 hash of the result file? Regards Heinrich > >> There is good reason that we have unit tests and don't simply say U-Boot >> can be tested by booting Linux. > > There are lots of examples, one is the original RSA routines, as I said, > which have not direct-linked tests and are only tested by vboot.py. > >>> >>>> Please, provide a documentation how these different tools and files work >>>> together. >>> >>> What do you mean by different tools? >>> Asn1 compiler and what? >>> Do you want to have doc/README.asn1compiler? >> >> This patch series provides some puzzle pieces but doesn't tell me how >> they fit together. Maybe a README describing the different elements >> provided for UEFI secure boot would be most appropriate. > > All what you need to know is that the patch set will generate > and provide x509 parser and pkcs7 parser as a result of build process. > > I will a few lines of README.asn1compiler to describe that. > > -Takahiro Akashi > >> Best regards >> >> Heinrich >> >>> >>> Thanks, >>> -Takahiro Akashi >>> >>> >>>> Best regards >>>> >>>> Heinrich >>> >> >