* [Buildroot] [PATCH] boot/arm-trusted-firmware: add patch to fix fiptool link
@ 2023-07-19 12:53 Vincent Stehlé
2023-07-20 21:28 ` Thomas Petazzoni via buildroot
2023-07-21 13:09 ` [Buildroot] [PATCH v2] " Vincent Stehlé
0 siblings, 2 replies; 6+ messages in thread
From: Vincent Stehlé @ 2023-07-19 12:53 UTC (permalink / raw)
To: buildroot; +Cc: Vincent Stehlé, Sergey Matyukevich
When building a fip firmware (BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y), the
TF-A build recipe starts by building the host program fiptool with the
proper build environment variables. Then the main TF-A target firmware
build step takes place, with the expectation that the fiptool program will
be used under the hood if necessary.
In TF-A, the build recipe for the host program fiptool has subtly changed
after v2.7, in commit cf2dd17ddda2 ("refactor(security): add OpenSSL 1.x
compatibility"). This change has the effect to force re-linking fiptool
each time.
If we try to build with Buildroot a fip firmware with a TF-A version after
v2.7 comprising the aforementioned change, the fiptool program is forcibly
re-linked during the main firmware build step. This happens without the
proper build environment variables and consequently, if openssl is not
installed on the host, the libcrypto shared library will not be found by
the linker and the link will fail with the following error:
/usr/bin/ld: cannot find -lcrypto: No such file or directory
A patch has been integrated into TF-A to avoid re-linking fiptool when not
necessary, which should solve the problem starting with version v2.10. Add
that patch in Buildroot for versions v2.8 and v2.9, to repair the build in
the cases described above.
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
---
Hi,
This can be tested with e.g. tests.boot.test_edk2 in an environment with no
openssl (libcrypto) installed.
Best regards,
Vincent.
...1-build-tools-avoid-unnecessary-link.patch | 77 +++++++++++++++++++
...1-build-tools-avoid-unnecessary-link.patch | 1 +
2 files changed, 78 insertions(+)
create mode 100644 boot/arm-trusted-firmware/v2.8/0001-build-tools-avoid-unnecessary-link.patch
create mode 120000 boot/arm-trusted-firmware/v2.9/0001-build-tools-avoid-unnecessary-link.patch
diff --git a/boot/arm-trusted-firmware/v2.8/0001-build-tools-avoid-unnecessary-link.patch b/boot/arm-trusted-firmware/v2.8/0001-build-tools-avoid-unnecessary-link.patch
new file mode 100644
index 0000000000..9e0ea74248
--- /dev/null
+++ b/boot/arm-trusted-firmware/v2.8/0001-build-tools-avoid-unnecessary-link.patch
@@ -0,0 +1,77 @@
+From aa57ce632c629fe72ff417e261e0f5bfd8db6bab Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= <vincent.stehle@arm.com>
+Date: Tue, 4 Jul 2023 16:14:02 +0200
+Subject: [PATCH] build(tools): avoid unnecessary link
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In their respective makefiles, cert_create, encrypt_fw and fiptool
+depend on the --openssl phony target as a prerequisite. This forces
+those tools to be re-linked each time.
+
+Move the dependencies on the --openssl target from the tools to their
+makefiles all targets, to avoid unnecessary linking while preserving the
+OpenSSL version printing done in the --openssl targets when in debug.
+
+Fixes: cf2dd17ddda2 ("refactor(security): add OpenSSL 1.x compatibility")
+Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
+Change-Id: I98a3ab30f36dffc253cecaaf3a57d2712522135d
+Upstream: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=aa57ce632c629fe72ff417e261e0f5bfd8db6bab
+---
+ tools/cert_create/Makefile | 4 ++--
+ tools/encrypt_fw/Makefile | 4 ++--
+ tools/fiptool/Makefile | 4 ++--
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
+index 042e844626..b911d19d2b 100644
+--- a/tools/cert_create/Makefile
++++ b/tools/cert_create/Makefile
+@@ -85,9 +85,9 @@ HOSTCC ?= gcc
+
+ .PHONY: all clean realclean --openssl
+
+-all: ${BINARY}
++all: --openssl ${BINARY}
+
+-${BINARY}: --openssl ${OBJECTS} Makefile
++${BINARY}: ${OBJECTS} Makefile
+ @echo " HOSTLD $@"
+ @echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__; \
+ const char platform_msg[] = "${PLAT_MSG}";' | \
+diff --git a/tools/encrypt_fw/Makefile b/tools/encrypt_fw/Makefile
+index 2939b142be..924e5febab 100644
+--- a/tools/encrypt_fw/Makefile
++++ b/tools/encrypt_fw/Makefile
+@@ -65,9 +65,9 @@ HOSTCC ?= gcc
+
+ .PHONY: all clean realclean --openssl
+
+-all: ${BINARY}
++all: --openssl ${BINARY}
+
+-${BINARY}: --openssl ${OBJECTS} Makefile
++${BINARY}: ${OBJECTS} Makefile
+ @echo " HOSTLD $@"
+ @echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__;' | \
+ ${HOSTCC} -c ${HOSTCCFLAGS} -xc - -o src/build_msg.o
+diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
+index 2ebee33931..4bdebd9235 100644
+--- a/tools/fiptool/Makefile
++++ b/tools/fiptool/Makefile
+@@ -68,9 +68,9 @@ DEPS := $(patsubst %.o,%.d,$(OBJECTS))
+
+ .PHONY: all clean distclean --openssl
+
+-all: ${PROJECT}
++all: --openssl ${PROJECT}
+
+-${PROJECT}: --openssl ${OBJECTS} Makefile
++${PROJECT}: ${OBJECTS} Makefile
+ @echo " HOSTLD $@"
+ ${Q}${HOSTCC} ${OBJECTS} -o $@ ${LDLIBS}
+ @${ECHO_BLANK_LINE}
+--
+2.25.1
+
diff --git a/boot/arm-trusted-firmware/v2.9/0001-build-tools-avoid-unnecessary-link.patch b/boot/arm-trusted-firmware/v2.9/0001-build-tools-avoid-unnecessary-link.patch
new file mode 120000
index 0000000000..e414b46e0f
--- /dev/null
+++ b/boot/arm-trusted-firmware/v2.9/0001-build-tools-avoid-unnecessary-link.patch
@@ -0,0 +1 @@
+../v2.8/0001-build-tools-avoid-unnecessary-link.patch
\ No newline at end of file
--
2.40.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [Buildroot] [PATCH] boot/arm-trusted-firmware: add patch to fix fiptool link
2023-07-19 12:53 [Buildroot] [PATCH] boot/arm-trusted-firmware: add patch to fix fiptool link Vincent Stehlé
@ 2023-07-20 21:28 ` Thomas Petazzoni via buildroot
2023-07-21 12:58 ` Vincent Stehlé
2023-07-21 13:09 ` [Buildroot] [PATCH v2] " Vincent Stehlé
1 sibling, 1 reply; 6+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-07-20 21:28 UTC (permalink / raw)
To: Vincent Stehlé; +Cc: Sergey Matyukevich, buildroot
Hello Vincent,
On Wed, 19 Jul 2023 14:53:09 +0200
Vincent Stehlé <vincent.stehle@arm.com> wrote:
> When building a fip firmware (BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y), the
> TF-A build recipe starts by building the host program fiptool with the
> proper build environment variables. Then the main TF-A target firmware
> build step takes place, with the expectation that the fiptool program will
> be used under the hood if necessary.
>
> In TF-A, the build recipe for the host program fiptool has subtly changed
> after v2.7, in commit cf2dd17ddda2 ("refactor(security): add OpenSSL 1.x
> compatibility"). This change has the effect to force re-linking fiptool
> each time.
>
> If we try to build with Buildroot a fip firmware with a TF-A version after
> v2.7 comprising the aforementioned change, the fiptool program is forcibly
> re-linked during the main firmware build step. This happens without the
> proper build environment variables and consequently, if openssl is not
> installed on the host, the libcrypto shared library will not be found by
> the linker and the link will fail with the following error:
>
> /usr/bin/ld: cannot find -lcrypto: No such file or directory
>
> A patch has been integrated into TF-A to avoid re-linking fiptool when not
> necessary, which should solve the problem starting with version v2.10. Add
> that patch in Buildroot for versions v2.8 and v2.9, to repair the build in
> the cases described above.
>
> Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
> Cc: Dick Olsson <hi@senzilla.io>
> Cc: Sergey Matyukevich <geomatsi@gmail.com>
> ---
>
>
> Hi,
>
> This can be tested with e.g. tests.boot.test_edk2 in an environment with no
> openssl (libcrypto) installed.
Indeed, which means this commit can have:
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4664845767
As usual, one concern is that your commit is fixing the issue for
people using v2.8 and v2.9 precisely, but anyone using a custom version
based on 2.8 or 2.9 will not benefit from this fix.
One option would be to pass the relevant environment variables also at
build time, so that when fiptool is relinked, it gets relinked
correctly. But it's quite annoying to keep this pretty much forever in
Buildroot. So perhaps your solution with a patch is the most
reasonable, and people affected by the issue will find the patch in
Buildroot and use it for their custom version as well.
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [Buildroot] [PATCH] boot/arm-trusted-firmware: add patch to fix fiptool link
2023-07-20 21:28 ` Thomas Petazzoni via buildroot
@ 2023-07-21 12:58 ` Vincent Stehlé
0 siblings, 0 replies; 6+ messages in thread
From: Vincent Stehlé @ 2023-07-21 12:58 UTC (permalink / raw)
To: Thomas Petazzoni; +Cc: Sergey Matyukevich, buildroot
On Thu, Jul 20, 2023 at 11:28:27PM +0200, Thomas Petazzoni wrote:
> Hello Vincent,
Hi Thomas,
Thanks for the review.
>
> On Wed, 19 Jul 2023 14:53:09 +0200
> Vincent Stehlé <vincent.stehle@arm.com> wrote:
>
> > When building a fip firmware (BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y), the
> > TF-A build recipe starts by building the host program fiptool with the
> > proper build environment variables. Then the main TF-A target firmware
> > build step takes place, with the expectation that the fiptool program will
> > be used under the hood if necessary.
> >
> > In TF-A, the build recipe for the host program fiptool has subtly changed
> > after v2.7, in commit cf2dd17ddda2 ("refactor(security): add OpenSSL 1.x
> > compatibility"). This change has the effect to force re-linking fiptool
> > each time.
> >
> > If we try to build with Buildroot a fip firmware with a TF-A version after
> > v2.7 comprising the aforementioned change, the fiptool program is forcibly
> > re-linked during the main firmware build step. This happens without the
> > proper build environment variables and consequently, if openssl is not
> > installed on the host, the libcrypto shared library will not be found by
> > the linker and the link will fail with the following error:
> >
> > /usr/bin/ld: cannot find -lcrypto: No such file or directory
> >
> > A patch has been integrated into TF-A to avoid re-linking fiptool when not
> > necessary, which should solve the problem starting with version v2.10. Add
> > that patch in Buildroot for versions v2.8 and v2.9, to repair the build in
> > the cases described above.
> >
> > Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
> > Cc: Dick Olsson <hi@senzilla.io>
> > Cc: Sergey Matyukevich <geomatsi@gmail.com>
> > ---
> >
> >
> > Hi,
> >
> > This can be tested with e.g. tests.boot.test_edk2 in an environment with no
> > openssl (libcrypto) installed.
>
> Indeed, which means this commit can have:
>
> Fixes:
>
> https://gitlab.com/buildroot.org/buildroot/-/jobs/4664845767
>
Ok, thanks. I will send a v2 with this mention.
> As usual, one concern is that your commit is fixing the issue for
> people using v2.8 and v2.9 precisely, but anyone using a custom version
> based on 2.8 or 2.9 will not benefit from this fix.
You are right, this solution is not perfect.
To mitigate this bad impression, here is a quick audit of the existing
defconfigs in the tree:
45 have TF-A
9 have TF-A with FIP
2 have a custom TF-A version (v2.4-stm32mp-r1)
2 have a TF-A version in v2.8..v2.9
0 have TF-A with FIP and a custom version in v2.8..v2.9
I would say that for what is in tree at least we are safe.
>
> One option would be to pass the relevant environment variables also at
> build time, so that when fiptool is relinked, it gets relinked
> correctly. But it's quite annoying to keep this pretty much forever in
> Buildroot. So perhaps your solution with a patch is the most
> reasonable, and people affected by the issue will find the patch in
> Buildroot and use it for their custom version as well.
Another approach might be for the makefile to apply the patch only if it can
determine that the TF-A version is in the range v2.8..v2.9 and that fiptool is
necessary.
I think it is nearly impossible to make the range determination work in the
general case (for example when the version given is a commit id), therefore I
did not investigate that path seriously.
Best regards,
Vincent.
>
> Thomas
> --
> Thomas Petazzoni, co-owner and CEO, Bootlin
> Embedded Linux and Kernel engineering and training
> https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH v2] boot/arm-trusted-firmware: add patch to fix fiptool link
2023-07-19 12:53 [Buildroot] [PATCH] boot/arm-trusted-firmware: add patch to fix fiptool link Vincent Stehlé
2023-07-20 21:28 ` Thomas Petazzoni via buildroot
@ 2023-07-21 13:09 ` Vincent Stehlé
2023-07-23 17:33 ` Yann E. MORIN
2023-08-30 6:13 ` Peter Korsgaard
1 sibling, 2 replies; 6+ messages in thread
From: Vincent Stehlé @ 2023-07-21 13:09 UTC (permalink / raw)
To: buildroot; +Cc: Vincent Stehlé, Thomas Petazzoni, Sergey Matyukevich
When building a fip firmware (BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y), the
TF-A build recipe starts by building the host program fiptool with the
proper build environment variables. Then the main TF-A target firmware
build step takes place, with the expectation that the fiptool program will
be used under the hood if necessary.
In TF-A, the build recipe for the host program fiptool has subtly changed
after v2.7, in commit cf2dd17ddda2 ("refactor(security): add OpenSSL 1.x
compatibility"). This change has the effect to force re-linking fiptool
each time.
If we try to build with Buildroot a fip firmware with a TF-A version after
v2.7 comprising the aforementioned change, the fiptool program is forcibly
re-linked during the main firmware build step. This happens without the
proper build environment variables and consequently, if openssl is not
installed on the host, the libcrypto shared library will not be found by
the linker and the link will fail with the following error:
/usr/bin/ld: cannot find -lcrypto: No such file or directory
A patch has been integrated into TF-A to avoid re-linking fiptool when not
necessary, which should solve the problem starting with version v2.10. Add
that patch in Buildroot for versions v2.8 and v2.9, to repair the build in
the cases described above.
Fixes:
https://gitlab.com/buildroot.org/buildroot/-/jobs/4664845767
Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
---
Changes v1 -> v2:
- Add Fixes: mention (suggested by Thomas)
...1-build-tools-avoid-unnecessary-link.patch | 77 +++++++++++++++++++
...1-build-tools-avoid-unnecessary-link.patch | 1 +
2 files changed, 78 insertions(+)
create mode 100644 boot/arm-trusted-firmware/v2.8/0001-build-tools-avoid-unnecessary-link.patch
create mode 120000 boot/arm-trusted-firmware/v2.9/0001-build-tools-avoid-unnecessary-link.patch
diff --git a/boot/arm-trusted-firmware/v2.8/0001-build-tools-avoid-unnecessary-link.patch b/boot/arm-trusted-firmware/v2.8/0001-build-tools-avoid-unnecessary-link.patch
new file mode 100644
index 0000000000..9e0ea74248
--- /dev/null
+++ b/boot/arm-trusted-firmware/v2.8/0001-build-tools-avoid-unnecessary-link.patch
@@ -0,0 +1,77 @@
+From aa57ce632c629fe72ff417e261e0f5bfd8db6bab Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Vincent=20Stehl=C3=A9?= <vincent.stehle@arm.com>
+Date: Tue, 4 Jul 2023 16:14:02 +0200
+Subject: [PATCH] build(tools): avoid unnecessary link
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In their respective makefiles, cert_create, encrypt_fw and fiptool
+depend on the --openssl phony target as a prerequisite. This forces
+those tools to be re-linked each time.
+
+Move the dependencies on the --openssl target from the tools to their
+makefiles all targets, to avoid unnecessary linking while preserving the
+OpenSSL version printing done in the --openssl targets when in debug.
+
+Fixes: cf2dd17ddda2 ("refactor(security): add OpenSSL 1.x compatibility")
+Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
+Change-Id: I98a3ab30f36dffc253cecaaf3a57d2712522135d
+Upstream: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=aa57ce632c629fe72ff417e261e0f5bfd8db6bab
+---
+ tools/cert_create/Makefile | 4 ++--
+ tools/encrypt_fw/Makefile | 4 ++--
+ tools/fiptool/Makefile | 4 ++--
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
+index 042e844626..b911d19d2b 100644
+--- a/tools/cert_create/Makefile
++++ b/tools/cert_create/Makefile
+@@ -85,9 +85,9 @@ HOSTCC ?= gcc
+
+ .PHONY: all clean realclean --openssl
+
+-all: ${BINARY}
++all: --openssl ${BINARY}
+
+-${BINARY}: --openssl ${OBJECTS} Makefile
++${BINARY}: ${OBJECTS} Makefile
+ @echo " HOSTLD $@"
+ @echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__; \
+ const char platform_msg[] = "${PLAT_MSG}";' | \
+diff --git a/tools/encrypt_fw/Makefile b/tools/encrypt_fw/Makefile
+index 2939b142be..924e5febab 100644
+--- a/tools/encrypt_fw/Makefile
++++ b/tools/encrypt_fw/Makefile
+@@ -65,9 +65,9 @@ HOSTCC ?= gcc
+
+ .PHONY: all clean realclean --openssl
+
+-all: ${BINARY}
++all: --openssl ${BINARY}
+
+-${BINARY}: --openssl ${OBJECTS} Makefile
++${BINARY}: ${OBJECTS} Makefile
+ @echo " HOSTLD $@"
+ @echo 'const char build_msg[] = "Built : "__TIME__", "__DATE__;' | \
+ ${HOSTCC} -c ${HOSTCCFLAGS} -xc - -o src/build_msg.o
+diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
+index 2ebee33931..4bdebd9235 100644
+--- a/tools/fiptool/Makefile
++++ b/tools/fiptool/Makefile
+@@ -68,9 +68,9 @@ DEPS := $(patsubst %.o,%.d,$(OBJECTS))
+
+ .PHONY: all clean distclean --openssl
+
+-all: ${PROJECT}
++all: --openssl ${PROJECT}
+
+-${PROJECT}: --openssl ${OBJECTS} Makefile
++${PROJECT}: ${OBJECTS} Makefile
+ @echo " HOSTLD $@"
+ ${Q}${HOSTCC} ${OBJECTS} -o $@ ${LDLIBS}
+ @${ECHO_BLANK_LINE}
+--
+2.25.1
+
diff --git a/boot/arm-trusted-firmware/v2.9/0001-build-tools-avoid-unnecessary-link.patch b/boot/arm-trusted-firmware/v2.9/0001-build-tools-avoid-unnecessary-link.patch
new file mode 120000
index 0000000000..e414b46e0f
--- /dev/null
+++ b/boot/arm-trusted-firmware/v2.9/0001-build-tools-avoid-unnecessary-link.patch
@@ -0,0 +1 @@
+../v2.8/0001-build-tools-avoid-unnecessary-link.patch
\ No newline at end of file
--
2.40.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 6+ messages in thread* Re: [Buildroot] [PATCH v2] boot/arm-trusted-firmware: add patch to fix fiptool link
2023-07-21 13:09 ` [Buildroot] [PATCH v2] " Vincent Stehlé
@ 2023-07-23 17:33 ` Yann E. MORIN
2023-08-30 6:13 ` Peter Korsgaard
1 sibling, 0 replies; 6+ messages in thread
From: Yann E. MORIN @ 2023-07-23 17:33 UTC (permalink / raw)
To: Vincent Stehlé; +Cc: Sergey Matyukevich, Thomas Petazzoni, buildroot
Vincent, All,
On 2023-07-21 15:09 +0200, Vincent Stehlé spake thusly:
> When building a fip firmware (BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y), the
> TF-A build recipe starts by building the host program fiptool with the
> proper build environment variables. Then the main TF-A target firmware
> build step takes place, with the expectation that the fiptool program will
> be used under the hood if necessary.
>
> In TF-A, the build recipe for the host program fiptool has subtly changed
> after v2.7, in commit cf2dd17ddda2 ("refactor(security): add OpenSSL 1.x
> compatibility"). This change has the effect to force re-linking fiptool
> each time.
>
> If we try to build with Buildroot a fip firmware with a TF-A version after
> v2.7 comprising the aforementioned change, the fiptool program is forcibly
> re-linked during the main firmware build step. This happens without the
> proper build environment variables and consequently, if openssl is not
> installed on the host, the libcrypto shared library will not be found by
> the linker and the link will fail with the following error:
>
> /usr/bin/ld: cannot find -lcrypto: No such file or directory
>
> A patch has been integrated into TF-A to avoid re-linking fiptool when not
> necessary, which should solve the problem starting with version v2.10. Add
> that patch in Buildroot for versions v2.8 and v2.9, to repair the build in
> the cases described above.
>
> Fixes:
>
> https://gitlab.com/buildroot.org/buildroot/-/jobs/4664845767
>
> Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
> Cc: Dick Olsson <hi@senzilla.io>
> Cc: Sergey Matyukevich <geomatsi@gmail.com>
> ---
[--SNIP--]
> diff --git a/boot/arm-trusted-firmware/v2.8/0001-build-tools-avoid-unnecessary-link.patch b/boot/arm-trusted-firmware/v2.8/0001-build-tools-avoid-unnecessary-link.patch
> new file mode 100644
> index 0000000000..9e0ea74248
> --- /dev/null
> +++ b/boot/arm-trusted-firmware/v2.8/0001-build-tools-avoid-unnecessary-link.patch
So now there are two files with the same numbered prefix, which defeats
the very purpose of having numbered prefixes. So I renumbered this new
patch as 0002.
[--SNIP--]
> diff --git a/boot/arm-trusted-firmware/v2.9/0001-build-tools-avoid-unnecessary-link.patch b/boot/arm-trusted-firmware/v2.9/0001-build-tools-avoid-unnecessary-link.patch
> new file mode 120000
> index 0000000000..e414b46e0f
> --- /dev/null
> +++ b/boot/arm-trusted-firmware/v2.9/0001-build-tools-avoid-unnecessary-link.patch
> @@ -0,0 +1 @@
> +../v2.8/0001-build-tools-avoid-unnecessary-link.patch
> \ No newline at end of file
I can understand the rationale for having a symlink, but in practice it
fails: if we ever remove/update/renumber the patch for v2.8, then the
symlink in v2.9 is dangling. Which happened when I renumbered the patch
in v2.8.
Instead, I just duplicated the patch in v2.9
Applied to master with these changes, thanks.
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread* Re: [Buildroot] [PATCH v2] boot/arm-trusted-firmware: add patch to fix fiptool link
2023-07-21 13:09 ` [Buildroot] [PATCH v2] " Vincent Stehlé
2023-07-23 17:33 ` Yann E. MORIN
@ 2023-08-30 6:13 ` Peter Korsgaard
1 sibling, 0 replies; 6+ messages in thread
From: Peter Korsgaard @ 2023-08-30 6:13 UTC (permalink / raw)
To: Vincent Stehlé; +Cc: Sergey Matyukevich, Thomas Petazzoni, buildroot
>>>>> "Vincent" == Vincent Stehlé <vincent.stehle@arm.com> writes:
> When building a fip firmware (BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP=y), the
> TF-A build recipe starts by building the host program fiptool with the
> proper build environment variables. Then the main TF-A target firmware
> build step takes place, with the expectation that the fiptool program will
> be used under the hood if necessary.
> In TF-A, the build recipe for the host program fiptool has subtly changed
> after v2.7, in commit cf2dd17ddda2 ("refactor(security): add OpenSSL 1.x
> compatibility"). This change has the effect to force re-linking fiptool
> each time.
> If we try to build with Buildroot a fip firmware with a TF-A version after
> v2.7 comprising the aforementioned change, the fiptool program is forcibly
> re-linked during the main firmware build step. This happens without the
> proper build environment variables and consequently, if openssl is not
> installed on the host, the libcrypto shared library will not be found by
> the linker and the link will fail with the following error:
> /usr/bin/ld: cannot find -lcrypto: No such file or directory
> A patch has been integrated into TF-A to avoid re-linking fiptool when not
> necessary, which should solve the problem starting with version v2.10. Add
> that patch in Buildroot for versions v2.8 and v2.9, to repair the build in
> the cases described above.
> Fixes:
> https://gitlab.com/buildroot.org/buildroot/-/jobs/4664845767
> Signed-off-by: Vincent Stehlé <vincent.stehle@arm.com>
> Cc: Dick Olsson <hi@senzilla.io>
> Cc: Sergey Matyukevich <geomatsi@gmail.com>
> ---
> Changes v1 -> v2:
> - Add Fixes: mention (suggested by Thomas)
Committed to 2023.02.x and 2023.05.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-08-30 6:13 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-07-19 12:53 [Buildroot] [PATCH] boot/arm-trusted-firmware: add patch to fix fiptool link Vincent Stehlé
2023-07-20 21:28 ` Thomas Petazzoni via buildroot
2023-07-21 12:58 ` Vincent Stehlé
2023-07-21 13:09 ` [Buildroot] [PATCH v2] " Vincent Stehlé
2023-07-23 17:33 ` Yann E. MORIN
2023-08-30 6:13 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox