From: Heinrich Schuchardt
Date: Mon, 21 Feb 2022 19:59:26 +0100
Subject: Re: [PATCH v11 2/9] tools: mkeficapsule: add firmware image signing
To: AKASHI Takahiro
Cc: Simon Glass, Ilias Apalodimas, Sughosh Ganu, Masami Hiramatsu, U-Boot Mailing List, Tom Rini, Mark Kettenis
In-Reply-To: <20220221004359.GA41731@laputa>

On 2/21/22 01:43, AKASHI Takahiro wrote:
> Hi Simon,
>
> On Sat, Feb 19, 2022 at 04:11:08PM -0700, Simon Glass wrote:
>> Hi,
>>
>> On Sun, 13 Feb 2022 at 17:54, AKASHI Takahiro wrote:
>>>
>>> Heinrich,
>>>
>>> On Fri, Feb 11, 2022 at 08:16:34PM +0100, Heinrich Schuchardt wrote:
>>>> On 2/9/22 11:10, AKASHI Takahiro wrote:
>>>>> With this enhancement, mkeficapsule will be able to sign a capsule
>>>>> file when it is created. A signature added will be used later
>>>>> in the verification at FMP's SetImage() call.
>>>>>
>>>>> To do that, we need to specify additional command parameters:
>>>>>     -monotonic-cout : monotonic count
>>>>>     -private-key : private key file
>>>>>     -certificate : certificate file
>>>>> Only when all of those parameters are given, a signature will be added
>>>>> to a capsule file.
>>>>>
>>>>> Users are expected to maintain and increment the monotonic count at
>>>>> every time of the update for each firmware image.
>>>>>
>>>>> Signed-off-by: AKASHI Takahiro
>>>>> Reviewed-by: Simon Glass
>>>>> Acked-by: Ilias Apalodimas
>>>>> ---
>>>>>   .azure-pipelines.yml |   2 +-
>>>>>   tools/Makefile       |   1 +
>>>>>   tools/eficapsule.h   | 115 +++++++++++++
>>>>>   tools/mkeficapsule.c | 380 +++++++++++++++++++++++++++++++++++++++----
>>>>>   4 files changed, 463 insertions(+), 35 deletions(-)
>>>>>   create mode 100644 tools/eficapsule.h
>>
>> I'm not sure if it is this patch or something else, but building is
>> broken as it needs
>>
>> gnutls/gnutls.h
>>
>> Please update the docs in doc/build/gcc.rst to fix this.
>
> I have not noticed that there is *another* list of package dependencies.
> It is easy to fix against gnutls.h, but gnutls.h (or libgnutls-dev)
> is NOT the only component missing in the list.
>
> Comparing gcc.rst with gitlab-ci.yml, there already exist a lot of
> such packages:
>
> gcc.rst                       | gitlab-ci.yml
> ======                          ======
>                               > automake
>                               > autopoint
> bc                              bc
>                               > binutils-dev
> bison                           bison
> build-essential                 build-essential
> coccinelle                    | clang-10
>                               > coreutils
>                               > cpio
>                               > cppcheck
>                               > curl
> device-tree-compiler            device-tree-compiler
> dfu-util                      | dosfstools
>                               > e2fsprogs
> efitools                        efitools
>                               > fakeroot
> flex                            flex
> gdisk                           gdisk
>                               > git
>                               > gnu-efi
> graphviz                        graphviz
>                               > grub-efi-amd64-bin
>                               > grub-efi-ia32-bin

There are some packages that are not needed for building at all like
these GRUB packages which just serve as test binaries.

>                               > help2man
>                               > iasl
> imagemagick                     imagemagick
> liblz4-tool                   | iputils-ping
> libguestfs-tools                libguestfs-tools
> libncurses-dev                | libgnutls28-dev
> libpython3-dev                | libgnutls30
>                               > libisl15
>                               > liblz4-tool
>                               > libpixman-1-dev
>                               > libpython-dev

libpython-dev does not even exist in Ubuntu 22.04. Who cares about
Python2 packages anymore?

Best regards

Heinrich

>                               > libsdl1.2-dev
> libsdl2-dev                     libsdl2-dev
> libssl-dev                      libssl-dev
> lz4                           | libudev-dev
> lzma                          | libusb-1.0-0-dev
> lzma-alone                      lzma-alone
>                               > lzop
>                               > mount
>                               > mtd-utils
>                               > mtools
> openssl                         openssl
>                               > picocom
>                               > parted
> pkg-config                      pkg-config
> python3                       | python
> python3-coverage              | python-dev
> python3-pkg-resources         | python-pip
> python3-pycryptodome          | python-virtualenv
> python3-pyelftools            | python3-pip
> python3-pytest                | python3-sphinx
> python3-sphinxcontrib.apidoc  | rpm2cpio
> python3-sphinx-rtd-theme      | sbsigntool
> python3-virtualenv            | sloccount
>                               > sparse
>                               > srecord
>                               > sudo
> swig                            swig
>                               > util-linux
>                               > uuid-dev
>                               > virtualenv
>                               > zip
>
> -Takahiro Akashi
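
The commit message quoted at the top of this thread says a signed capsule carries a signature plus a monotonic count that must be raised on every update. As an added example (not code from the patch or from U-Boot), the following parses that authentication header and gates a release on the count, assuming the EFI_FIRMWARE_IMAGE_AUTHENTICATION layout from the UEFI specification and a buffer that starts at that header. `parse_fmp_auth`, `capsule_is_fresh` and `SAMPLE` are hypothetical names; the sample bytes are constructed and the signature in them is a placeholder, not real PKCS#7.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct fmp_auth {
	uint64_t count;              /* MonotonicCount */
	const uint8_t *sig, *image;  /* PKCS#7 blob and the payload after it */
	size_t sig_len, image_len;
};

/* EFI_CERT_TYPE_PKCS7_GUID as stored on disk (first three fields little-endian) */
static const uint8_t PKCS7_GUID[16] = {
	0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49,
	0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7 };

/* Constructed sample: count 5, four placeholder signature bytes, payload "IMG" */
const uint8_t SAMPLE[39] = {
	5, 0, 0, 0, 0, 0, 0, 0,               /* MonotonicCount */
	28, 0, 0, 0, 0x00, 0x02, 0xf1, 0x0e,  /* dwLength, wRevision, wCertificateType */
	0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49,
	0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7,
	0xde, 0xad, 0xbe, 0xef, 'I', 'M', 'G' };

static uint64_t rd_le(const uint8_t *p, int n)
{
	uint64_t v = 0;
	while (n--) v = (v << 8) | p[n];
	return v;
}

/* Return 0 and fill *a, or a negative code naming the failed check. */
int parse_fmp_auth(const uint8_t *buf, size_t len, struct fmp_auth *a)
{
	if (len < 32) return -1;                 /* truncated header */
	uint32_t cert_len = (uint32_t)rd_le(buf + 8, 4);
	if (rd_le(buf + 12, 2) != 0x0200 || rd_le(buf + 14, 2) != 0x0ef1) return -2;
	if (memcmp(buf + 16, PKCS7_GUID, 16) != 0) return -3;   /* not PKCS#7 */
	if (cert_len < 24 || cert_len > len - 8) return -4;     /* dwLength out of bounds */
	a->count = rd_le(buf, 8);
	a->sig = buf + 32;              a->sig_len = cert_len - 24;
	a->image = buf + 8 + cert_len;  a->image_len = len - 8 - cert_len;
	return 0;
}

/* Release-side gate: refuse a capsule whose count was not raised. */
int capsule_is_fresh(const uint8_t *buf, size_t len, uint64_t last_released)
{
	struct fmp_auth a;
	return parse_fmp_auth(buf, len, &a) == 0 && a.count > last_released;
}
```

This only checks structure and the counter; the PKCS#7 blob it returns still has to be verified against the trusted certificate.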