From: Tom Rini <trini@ti.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v3 03/12] image: Add RSA support for image signing
Date: Thu, 27 Jun 2013 08:50:48 -0400 [thread overview]
Message-ID: <51CC3528.2080000@ti.com> (raw)
In-Reply-To: <CAPnjgZ1=V=_xrabXFGSKLznpTBm5zFUsfevOG+O3rao8Hujh-w@mail.gmail.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/27/2013 02:44 AM, Simon Glass wrote:
> Hi Masahiro,
>
> On Wed, Jun 26, 2013 at 9:08 PM, Masahiro Yamada
> <yamada.m at jp.panasonic.com <mailto:yamada.m@jp.panasonic.com>>
> wrote:
>
> Hello, Simon.
>
>
> When compiling the master branch, I got an error while a
> tools/mkimage build.
>
>
> u-boot/lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No
> such file or directory
>
>
> I think this erorr is caused by commit 19c402a.
>
>
> I searched and installed the necessary package and I could resolve
> this error.
>
> $ apt-file search openssl/rsa.h libssl-dev:
> /usr/include/openssl/rsa.h $ sudo apt-get install libssl-dev
>
>
> Let me ask a question.
>
> Going forward do we always need the openssl development package
> for creating mkimage tool? Or is it possible to disable RSA feature
> by some CONFIG option?
>
>
> This is to support verified boot using FIT. Yes it would be
> possible to make it an option. I had it that way for a while, but
> then I worried that it would create two versions of mkimage, one
> of which is incapable of signing images. That means that mkimage
> would need to be built for a board with verified boot enabled in
> order to get full functionality.
>
> Perhaps another way would be to check for the header and (if not
> present), silently build without signing support?
Hurk, dang it.. Yes, I think we need to build and go with an error
message on attempted use. Skimming the code, we can't rely on
CONFIG_FIT_SIGNATURE being inherited from the config, on the host
side, yes?
- --
Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJRzDUoAAoJENk4IS6UOR1WOF8P/in1joGCy0NcOJ3g3PKRRi5Y
eUgwTbOaQ3x82dJ3820YEkxSpaJIxiw+l0cvbWVH9TR6wO/7EiVjNLmFwauhuVBU
BAf9ghleHjd3T6utxEzDk0z9O2E9f8aliSQ1d31oK1NrM/IvhW06udv6V0shFRCN
i3uD4bkWPgv+qChZ+94ma4rc3SDz393lG2dwn0L9TZ/Kv3qOaoEr1qTDSS2fRXqg
2Yd1vFD3mT9ZEMQwfteoThuXWZfyWFYfh9wsUjwjHonJNauwKkZgWFHnZpYCv6tJ
TQEOH7pVpO7RAMFw/7f/tXdk/U2Qnmq/GH0Gy/p9E7UYb4IqXNGrXBOjhEGizH+c
gA4bAxjooHoVayUf/m3m6g5WUd1uv6cKhcS5WppmaduPdPncB8wPKxksT/ti1NKi
4yDdFLsudPvO+0R94MT+5dgV4Album8aoICmSgzxRy+3x9lGGxEGHeCleDtwnLTR
dQEnmUEweKvwL1MNJZ6TBtqekbf/hKVbgn4EqEi0fb4CLKCVFOGT3YSu8oWDaZEQ
q0C08/hn6lNgbGqTQL83I0lahp2HiPjHZMvUVVcE0lzOIowkTLLxvsZLfLhlCdXv
LxG26Pi0rG/CU8BnYQ/W00X4HPi20UDOt9nLyINq63ctKLWKMMA3B7IkcpBGbT2U
dA8uceK04MStQdxiB3kh
=wI1Q
-----END PGP SIGNATURE-----
next prev parent reply other threads:[~2013-06-27 12:50 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-13 22:09 [PATCH v3 0/12] Verified boot implementation based on FIT Simon Glass
2013-06-13 22:09 ` [U-Boot] " Simon Glass
2013-06-13 22:10 ` [U-Boot] [PATCH v3 01/12] image: Add signing infrastructure Simon Glass
2013-06-13 22:10 ` [U-Boot] [PATCH v3 02/12] image: Support signing of images Simon Glass
2013-06-13 22:10 ` [U-Boot] [PATCH v3 03/12] image: Add RSA support for image signing Simon Glass
2013-06-27 4:08 ` Masahiro Yamada
2013-06-27 6:44 ` Simon Glass
2013-06-27 12:50 ` Tom Rini [this message]
2013-06-27 15:45 ` Simon Glass
2013-06-27 15:48 ` Tom Rini
2013-06-27 17:04 ` Simon Glass
2013-06-13 22:10 ` [U-Boot] [PATCH v3 04/12] mkimage: Add -k option to specify key directory Simon Glass
2013-06-13 22:10 ` [U-Boot] [PATCH v3 05/12] mkimage: Add -K to write public keys to an FDT blob Simon Glass
2013-06-13 22:10 ` [U-Boot] [PATCH v3 06/12] mkimage: Add -F option to modify an existing .fit file Simon Glass
2013-06-13 22:10 ` [U-Boot] [PATCH v3 07/12] mkimage: Add -c option to specify a comment for key signing Simon Glass
2013-06-13 22:10 ` [U-Boot] [PATCH v3 08/12] mkimage: Add -r option to specify keys that must be verified Simon Glass
[not found] ` <1371161411-2834-1-git-send-email-sjg-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org>
2013-06-13 22:10 ` [PATCH v3 09/12] libfdt: Add fdt_find_regions() Simon Glass
2013-06-13 22:10 ` [U-Boot] " Simon Glass
2013-06-26 20:24 ` [U-Boot] [PATCH v3 0/12] Verified boot implementation based on FIT Tom Rini
2013-06-26 20:24 ` Tom Rini
2013-06-13 22:10 ` [U-Boot] [PATCH v3 10/12] image: Add support for signing of FIT configurations Simon Glass
2013-06-13 22:10 ` [U-Boot] [PATCH v3 11/12] sandbox: config: Enable FIT signatures with RSA Simon Glass
2013-06-13 22:10 ` [U-Boot] [PATCH v3 12/12] Add verified boot information and test Simon Glass
2013-06-13 22:33 ` Simon Glass
2013-06-20 16:07 ` Tom Rini
2013-06-20 16:18 ` Simon Glass
2013-06-20 20:55 ` Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51CC3528.2080000@ti.com \
--to=trini@ti.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.