From: Mattijs Korpershoek <mkorpershoek@kernel.org>
To: Eddie Kovsky <ekovsky@redhat.com>, Tom Rini <trini@konsulko.com>,
Tobias Olausson <tobias@eub.se>,
Paul HENRYS <paul.henrys_ext@softathome.com>,
Simon Glass <sjg@chromium.org>, Jan Stancek <jstancek@redhat.com>,
Enric Balletbo i Serra <eballetb@redhat.com>,
a.fatoum@pengutronix.de, mark.kettenis@xs4all.nl,
Mattijs Korpershoek <mkorpershoek@kernel.org>
Cc: u-boot@lists.denx.de
Subject: Re: [PATCH v4] Add support for OpenSSL Provider API
Date: Thu, 30 Apr 2026 09:54:33 +0200 [thread overview]
Message-ID: <87cxzgevd2.fsf@kernel.org> (raw)
In-Reply-To: <20260429180247.83091-1-ekovsky@redhat.com>
Hi Eddie,
Thank you for the patch.
On Wed, Apr 29, 2026 at 12:02, Eddie Kovsky <ekovsky@redhat.com> wrote:
> The Engine API has been deprecated since the release of OpenSSL 3.0. End
> users have been advised to migrate to the new Provider interface.
> Several distributions have already removed support for engines, which is
> preventing U-Boot from being compiled in those environments.
>
> Add support for the Provider API while continuing to support the existing
> Engine API on distros shipping older releases of OpenSSL.
>
> This is based on similar work contributed by Jan Stancek updating Linux
> to use the Provider interface.
>
> commit 558bdc45dfb2669e1741384a0c80be9c82fa052c
> Author: Jan Stancek <jstancek@redhat.com>
> Date: Fri Sep 20 19:52:48 2024 +0300
>
> sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
>
> The changes have been tested with the FIT signature verification vboot
> tests on Fedora 42 and Debian 13. All 30 tests pass with both the legacy
> Engine library installed and with the Provider API.
>
> Tested-by Enric Balletbo i Serra <eballetb@redhat.com>
> Tested-by Mark Kettenis <mark.kettenis@xs4all.nl>
> Signed-off-by: Eddie Kovsky <ekovsky@redhat.com>
Reviewed-by: Mattijs Korpershoek <mkorpershoek@kernel.org>
> ---
next prev parent reply other threads:[~2026-04-30 7:54 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-29 18:02 [PATCH v4] Add support for OpenSSL Provider API Eddie Kovsky
2026-04-30 7:54 ` Mattijs Korpershoek [this message]
2026-05-12 10:17 ` Quentin Schulz
2026-05-21 22:29 ` Eddie Kovsky
2026-05-22 14:37 ` Quentin Schulz
2026-06-04 6:22 ` Enric Balletbo i Serra
2026-05-20 10:28 ` Quentin Schulz
2026-05-21 12:43 ` Quentin Schulz
2026-05-20 11:32 ` Quentin Schulz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87cxzgevd2.fsf@kernel.org \
--to=mkorpershoek@kernel.org \
--cc=a.fatoum@pengutronix.de \
--cc=eballetb@redhat.com \
--cc=ekovsky@redhat.com \
--cc=jstancek@redhat.com \
--cc=mark.kettenis@xs4all.nl \
--cc=paul.henrys_ext@softathome.com \
--cc=sjg@chromium.org \
--cc=tobias@eub.se \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.