Re: [Buildroot] [PATCH] boot/arm-trusted-firmware: fix the RPATH of fiptool

From: Baruch Siach via buildroot <buildroot@buildroot.org>
To: Louis Chauvet <louis.chauvet@bootlin.com>
Cc: kory.maincent@bootlin.com, geomatsi@gmail.com,
	thomas.petazzoni@bootlin.com, buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] boot/arm-trusted-firmware: fix the RPATH of fiptool
Date: Wed, 06 Dec 2023 19:05:06 +0200	[thread overview]
Message-ID: <87h6kvckwc.fsf@tarshish> (raw)
In-Reply-To: <20231206164437.22191-1-louis.chauvet@bootlin.com>

Hi Louis,

On Wed, Dec 06 2023, Louis Chauvet via buildroot wrote:
> The arm-trusted-firmware package builds a host tool called "fiptool",
> which is used during the build process of arm-trusted-firmware
> itself. This tool links against the OpenSSL host library, and
> therefore needs to be built with the correct RPATH pointing to
> $HOST_DIR/lib.
>
> This is why commit a957d9a90ade4194dffe3eb2fc0136bc5d077c28
> ("boot/arm-trusted-firmware: build fiptool separately with dependency
> o n host-openssl") added the ARM_TRUSTED_FIRMWARE_BUILD_FIPTOOL
> variable, which builds the fiptool tool first, with the right
> variables set, before invoking the full build of TF-A. This ensured
> that fiptool was built with the correct RPATH.
>
> However, more recent versions of TF-A have modified their Makefile
> machinery, and fiptool is being rebuilt even if it was built
> before. Unfortunately, this rebuild is no longer done with the right
> flags, so we end up with a fiptool binary that no longer has the right
> RPATH, and fiptool fails to find the OpenSSL libraries from
> $HOST_DIR/lib.
>
> In order to fix this, we take a different approach: we do not build
> fiptool separately first, but we inject the necessary flags through
> the HOSTCC variable. Indeed, there's no HOST_LDFLAGS or HOST_LDLIBS
> variable or similar that would allow us to pass the -Wl,-rpath flag
> that is needed. Shoe-horning this flag into HOSTCC gets the job done,
> and actually simplifies our arm-trusted-firmware.mk.

The code this patch removes tries to keep compatibility with TF-A
versions earlier than 1.3. This patch relies on HOSTCC that was only
introduced in TF-A version 1.4 with upstream commit 72610c4102990
("build: Introduce HOSTCC flag"). I guess losing compatibility with
older TF-A is fine, since all Buildroot in-tree configs appear to use
newer versions. But I think this should at least be mentioned in the
commit log.

baruch

>
> Signed-off-by: Louis Chauvet <louis.chauvet@bootlin.com>
> Co-authored-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> ---
>  .../arm-trusted-firmware/arm-trusted-firmware.mk | 16 ++--------------
>  1 file changed, 2 insertions(+), 14 deletions(-)
>
> diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
> index 049beed36a91..bed873a1821c 100644
> --- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk
> +++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
> @@ -63,7 +63,8 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += \
>  	BUILD_STRING=$(ARM_TRUSTED_FIRMWARE_VERSION) \
>  	$(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES)) \
>  	PLAT=$(ARM_TRUSTED_FIRMWARE_PLATFORM) \
> -	TARGET_BOARD=$(ARM_TRUSTED_FIRMWARE_TARGET_BOARD)
> +	TARGET_BOARD=$(ARM_TRUSTED_FIRMWARE_TARGET_BOARD) \
> +	HOSTCC="$(HOSTCC) $(HOST_LDFLAGS)"
>  
>  ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP),y)
>  ARM_TRUSTED_FIRMWARE_MAKE_OPTS += \
> @@ -147,18 +148,6 @@ ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all
>  ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP),y)
>  ARM_TRUSTED_FIRMWARE_MAKE_TARGETS += fip
>  ARM_TRUSTED_FIRMWARE_DEPENDENCIES += host-openssl
> -# fiptool only exists in newer (>= 1.3) versions of ATF, so we build
> -# it conditionally. We need to explicitly build it as it requires
> -# OpenSSL, and therefore needs to be passed proper variables to find
> -# the host OpenSSL.
> -define ARM_TRUSTED_FIRMWARE_BUILD_FIPTOOL
> -	if test -d $(@D)/tools/fiptool; then \
> -		$(TARGET_CONFIGURE_OPTS) $(MAKE) -C $(@D)/tools/fiptool \
> -			$(ARM_TRUSTED_FIRMWARE_MAKE_OPTS) \
> -			CPPFLAGS="$(HOST_CPPFLAGS)" \
> -			LDLIBS="$(HOST_LDFLAGS) -lcrypto" ; \
> -	fi
> -endef
>  endif
>  
>  ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_RCW),y)
> @@ -206,7 +195,6 @@ define ARM_TRUSTED_FIRMWARE_BUILD_CMDS
>  	$(if $(ARM_TRUSTED_FIRMWARE_CUSTOM_DTS_PATH),
>  		cp -f $(ARM_TRUSTED_FIRMWARE_CUSTOM_DTS_PATH) $(@D)/fdts/
>  	)
> -	$(ARM_TRUSTED_FIRMWARE_BUILD_FIPTOOL)
>  	$(ARM_TRUSTED_FIRMWARE_MAKE_ENV) $(MAKE) -C $(@D) \
>  		$(ARM_TRUSTED_FIRMWARE_MAKE_OPTS) \
>  		$(ARM_TRUSTED_FIRMWARE_MAKE_TARGETS)

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot