From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6AFC5C433EF for ; Tue, 19 Oct 2021 13:28:55 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id A80A561374 for ; Tue, 19 Oct 2021 13:28:54 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org A80A561374 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=sholland.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 8BA988311B; Tue, 19 Oct 2021 15:28:52 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=sholland.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=sholland.org header.i=@sholland.org header.b="ZwEqLBB4"; dkim=pass (2048-bit key; unprotected) header.d=messagingengine.com header.i=@messagingengine.com header.b="euJspUM2"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 7A14783130; Tue, 19 Oct 2021 15:28:50 +0200 (CEST) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 2038F81197 for ; Tue, 19 Oct 2021 15:28:47 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=sholland.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=samuel@sholland.org Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 6403C5C0275; Tue, 19 Oct 2021 09:28:46 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Tue, 19 Oct 2021 09:28:46 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sholland.org; h= to:cc:references:from:subject:message-id:date:mime-version :in-reply-to:content-type:content-transfer-encoding; s=fm1; bh=y V4mJa1Q6+1V6bJGNBafcjkh/BBdOwIZsPhTiHONdUw=; b=ZwEqLBB4qWmMMP4lv H94SGR3ojV5yDcxXAt0MQ0gkxoP+Pl7egDmL2J2OLxcEkpkeOb53mVZYi+GAnv2c gMhpCZ3bMduZM/p0oae25IEW4zQ6oyLEA4t91x2P/QpTFGdDNiAbVFcu1/wT0eTt WTg8pnOuuwBpMcs/5SDo4RNY+tRq53Rf8tt6RX6nzAxE5z3Y9H5IAQUEtN6x2kEe xL5BFMAJgMrwKHREBLbDjGGzszSy2S6pPvIqsuYBXpEZ1nEko0wurlsb7yo22d4S BCPWpsF7PT2/sBkbI/Lwq7pbmkFbXLTIBN+LpxWkxr5pLf8WNRvn55zcW9rHSrge Pue9Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=yV4mJa1Q6+1V6bJGNBafcjkh/BBdOwIZsPhTiHONd Uw=; b=euJspUM2RRzdEaEU4LsMo7k4FpGLoKWHZRudwEyerUzRlkrOrtRGrE8Ue u+sfjnd4WUPE7bEv2ZGxThaNs9uZF8NH9RI0t6RGCg3CTh/zR7bD2C5T2aCdsaH3 xnXmzoG2mSt04XS1v5q8IIt7SygqVVh+S2vNcxDqwBt2OQ+7WlfA2/tA57rePJoH HzUPh9YZK+1rkH9sa0gVuhaHgMvrcXxSB3UEiqK/zJppsmPVih/ncQqi/01SJwzH zqi6jtSDbASFyKrshoCszAg0sPCZxjCLM9C24RfBp2n9Ij9U74ZTuEMToLrvdsms lUlyZtIyIW09XgPv+g+Q6/P00I6LQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvtddrvddvvddgheelucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepvfhfhffukffffgggjggtgfesthekredttdefjeenucfhrhhomhepufgrmhhu vghlucfjohhllhgrnhguuceoshgrmhhuvghlsehshhholhhlrghnugdrohhrgheqnecugg ftrfgrthhtvghrnhepvddttdejieduudfgffevteekffegffeguddtgfefkeduvedukeff hedtfeevuedvnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrh homhepshgrmhhuvghlsehshhholhhlrghnugdrohhrgh X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 19 Oct 2021 09:28:44 -0400 (EDT) To: Andre Przywara , "Alex G." , =?UTF-8?Q?Pali_Roh=c3=a1r?= Cc: u-boot@lists.denx.de, Jagan Teki , Chris Packham , "NXP i.MX U-Boot Team" , Naoki Hayama , Joel Stanley References: <20211015031916.44461-1-samuel@sholland.org> <20211015031916.44461-2-samuel@sholland.org> <1a532861-99bd-241f-8551-65541fa58052@gmail.com> <20211019114150.1773cbfc@donnerap.cambridge.arm.com> From: Samuel Holland Subject: Re: [PATCH v3 1/4] tools: Separate image types which depend on OpenSSL Message-ID: Date: Tue, 19 Oct 2021 08:28:44 -0500 User-Agent: Mozilla/5.0 (X11; Linux ppc64; rv:78.0) Gecko/20100101 Thunderbird/78.10.2 MIME-Version: 1.0 In-Reply-To: <20211019114150.1773cbfc@donnerap.cambridge.arm.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean On 10/19/21 5:41 AM, Andre Przywara wrote: > On Mon, 18 Oct 2021 09:09:04 -0500 > "Alex G." wrote: > > Hi, > >> On 10/14/21 10:19 PM, Samuel Holland wrote: >>> Some image types (kwbimage and mxsimage) always depend on OpenSSL, so >>> they can only be included in mkimage when TOOLS_LIBCRYPTO is selected. >>> Use Makefile logic to conditionally link the files. >>> >>> When building for platforms which use those image types, automatically >>> select TOOLS_LIBCRYPTO, since it is required for the build to complete. >>> >>> Signed-off-by: Samuel Holland >> >> NAK. >> >> The intent, as detailed in tools/Makefile, is to _NOT_ to conflate >> target options with tools options. > > I am a bit undecided, because I think the intent was more for *just* > building mkimage (tools-only_defconfig, for the u-boot-tools distro > package, for instance). (Which doesn't seem to work, btw, with or without > this patch.) TOOLS_LIBCRYPTO=n works for me with this patch, and I just double-checked and verified that mkimage is compiled/linked without OpenSSL. > However just building mkimage because it's needed to create a certain > board firmware is a different story, I think, and including OpenSSL (if > the platform requires that) is hardly a user's choice at this point. > > But anyway: Samuel, what is the actual problem this patch is solving? The actual problem is that TOOLS_LIBCRYPTO=n is broken, and would be further broken by adding sunxi_toc0.o to dumpimage-mkimage-objs. Fixing that requires moving objects that depend on OpenSSL to LIBCRYPTO_OBJS, and adding sunxi_toc0.o there in patch 2. > TOOLS_LIBCRYPTO is default y, so normally (make foo_defconfig; make) > everything should be fine? And it only breaks if a user deliberately and > manually deselects it, between "make foo_defconfig" and "make"? > > So this patch is somewhat optional, at least for the purpose of TOC0 > support? The Makefile changes are needed for TOC0 support. The Kconfig changes are not. And I think the only controversial part of this patch is the "select TOOLS_LIBCRYPTO" lines. So I suggest omitting all of the Kconfig changes from this patch (and removing those lines from the commit message). I can send v4 or you can fix it up. Regards, Samuel > Cheers, > Andre > >> Disabling openssl libs is purely at the user's discretion. If platforms >> can't build a usable image, I suggest just printing a loud warning >> instead of overriding the user. >> >> Alex >> >>> --- >>> >>> Changes in v3: >>> - Selected TOOLS_LIBCRYPTO on all platforms that use kwbimage (as best >>> as I can tell, using the suggestions from Pali Rohár) >>> >>> Changes in v2: >>> - Refactored the first patch on top of TOOLS_LIBCRYPTO >>> >>> arch/arm/Kconfig | 3 +++ >>> arch/arm/mach-imx/mxs/Kconfig | 2 ++ >>> scripts/config_whitelist.txt | 1 - >>> tools/Makefile | 19 +++++-------------- >>> tools/mxsimage.c | 3 --- >>> 5 files changed, 10 insertions(+), 18 deletions(-) >>> >>> diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig >>> index d8c041a877..380ad4f670 100644 >>> --- a/arch/arm/Kconfig >>> +++ b/arch/arm/Kconfig >>> @@ -566,6 +566,7 @@ config ARCH_KIRKWOOD >>> select BOARD_EARLY_INIT_F >>> select CPU_ARM926EJS >>> select GPIO_EXTRA_HEADER >>> + select TOOLS_LIBCRYPTO >>> >>> config ARCH_MVEBU >>> bool "Marvell MVEBU family (Armada XP/375/38x/3700/7K/8K)" >>> @@ -580,12 +581,14 @@ config ARCH_MVEBU >>> select OF_CONTROL >>> select OF_SEPARATE >>> select SPI >>> + select TOOLS_LIBCRYPTO >>> imply CMD_DM >>> >>> config ARCH_ORION5X >>> bool "Marvell Orion" >>> select CPU_ARM926EJS >>> select GPIO_EXTRA_HEADER >>> + select TOOLS_LIBCRYPTO >>> >>> config TARGET_STV0991 >>> bool "Support stv0991" >>> diff --git a/arch/arm/mach-imx/mxs/Kconfig b/arch/arm/mach-imx/mxs/Kconfig >>> index b2026a3758..6f138d25e9 100644 >>> --- a/arch/arm/mach-imx/mxs/Kconfig >>> +++ b/arch/arm/mach-imx/mxs/Kconfig >>> @@ -3,6 +3,7 @@ if ARCH_MX23 >>> config MX23 >>> bool >>> default y >>> + select TOOLS_LIBCRYPTO >>> >>> choice >>> prompt "MX23 board select" >>> @@ -34,6 +35,7 @@ if ARCH_MX28 >>> config MX28 >>> bool >>> default y >>> + select TOOLS_LIBCRYPTO >>> >>> choice >>> prompt "MX28 board select" >>> diff --git a/scripts/config_whitelist.txt b/scripts/config_whitelist.txt >>> index 3a6865dc70..bea6b6f83b 100644 >>> --- a/scripts/config_whitelist.txt >>> +++ b/scripts/config_whitelist.txt >>> @@ -838,7 +838,6 @@ CONFIG_MXC_UART_BASE >>> CONFIG_MXC_USB_FLAGS >>> CONFIG_MXC_USB_PORT >>> CONFIG_MXC_USB_PORTSC >>> -CONFIG_MXS >>> CONFIG_MXS_AUART >>> CONFIG_MXS_AUART_BASE >>> CONFIG_MXS_OCOTP >>> diff --git a/tools/Makefile b/tools/Makefile >>> index 999fd46531..a9b3d982d8 100644 >>> --- a/tools/Makefile >>> +++ b/tools/Makefile >>> @@ -94,9 +94,11 @@ ECDSA_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/ecdsa/, ecdsa-libcrypto. >>> AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \ >>> aes-encrypt.o aes-decrypt.o) >>> >>> -# Cryptographic helpers that depend on openssl/libcrypto >>> -LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \ >>> - fdt-libcrypto.o) >>> +# Cryptographic helpers and image types that depend on openssl/libcrypto >>> +LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := \ >>> + lib/fdt-libcrypto.o \ >>> + kwbimage.o \ >>> + mxsimage.o >>> >>> ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o >>> >>> @@ -118,10 +120,8 @@ dumpimage-mkimage-objs := aisimage.o \ >>> imximage.o \ >>> imx8image.o \ >>> imx8mimage.o \ >>> - kwbimage.o \ >>> lib/md5.o \ >>> lpc32xximage.o \ >>> - mxsimage.o \ >>> omapimage.o \ >>> os_support.o \ >>> pblimage.o \ >>> @@ -156,22 +156,13 @@ fit_info-objs := $(dumpimage-mkimage-objs) fit_info.o >>> fit_check_sign-objs := $(dumpimage-mkimage-objs) fit_check_sign.o >>> file2include-objs := file2include.o >>> >>> -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_TOOLS_LIBCRYPTO),) >>> -# Add CONFIG_MXS into host CFLAGS, so we can check whether or not register >>> -# the mxsimage support within tools/mxsimage.c . >>> -HOSTCFLAGS_mxsimage.o += -DCONFIG_MXS >>> -endif >>> - >>> ifdef CONFIG_TOOLS_LIBCRYPTO >>> # This affects include/image.h, but including the board config file >>> # is tricky, so manually define this options here. >>> HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE >>> HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff >>> HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER >>> -endif >>> >>> -# MXSImage needs LibSSL >>> -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),) >>> HOSTCFLAGS_kwbimage.o += \ >>> $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") >>> HOSTLDLIBS_mkimage += \ >>> diff --git a/tools/mxsimage.c b/tools/mxsimage.c >>> index 002f4b525a..2bfbb421eb 100644 >>> --- a/tools/mxsimage.c >>> +++ b/tools/mxsimage.c >>> @@ -5,8 +5,6 @@ >>> * Copyright (C) 2012-2013 Marek Vasut >>> */ >>> >>> -#ifdef CONFIG_MXS >>> - >>> #include >>> #include >>> #include >>> @@ -2363,4 +2361,3 @@ U_BOOT_IMAGE_TYPE( >>> NULL, >>> mxsimage_generate >>> ); >>> -#endif >>> >