From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4C382FD5F85 for ; Wed, 8 Apr 2026 07:22:32 +0000 (UTC) Received: from GVXPR05CU001.outbound.protection.outlook.com (GVXPR05CU001.outbound.protection.outlook.com [52.101.83.8]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.100586.1775631960214858897 for ; Wed, 08 Apr 2026 00:06:00 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@mt.com header.s=selector2 header.b=xi7XJzk2; spf=permerror, err=parse error for token &{10 18 %{i}._ip.%{h}._ehlo.%{d}._spf.vali.email}: invalid domain name (domain: mt.com, ip: 52.101.83.8, mailfrom: wojciech.dubowik@mt.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HucyanC9jCwq65QHnsVZAnw/BXuGOuyIB9p7DpiSOkd2uNIApQ35pt6m4mQaLvfCl2zBQwxrhQXEnCbHvhbj3NPCkt0cBOM1V/A+r/QL9RsT98fTV6mmpRVTZ05pXFIuNzpht4r2sJftQVQW5wIzj1/PJ/APnorh0FgsZWgEEd0Me7h/AN/jTJL4KfcUJHYH7emLPKhb6/wEoH4V26YSUZ8tRcymS3cw6kwoxFm0L4oXnQlzI9/+K1TvdUkwWkZK3DezfWHDw1xqHRK04mLNW1SgzauzrE0qrbqvq10F1+XZhmcMINNUapQejjZ7ZrLUfxeCf/FFaSRhSFB3tRQ5/w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zvNv38047MuMT1OoHbm3W8uzdHJA+SdBgZ4ZKn7JVKY=; b=ipdiqD/ct2k8AnzVbzhxNNpQobOO+FKtWH+7mxTKIhPyOhEW32QPVMXnes8VgBzCx4DPcC9EqTljEoCsKNNrbHTbhiszOxU5zStHNT/s/fS5IV6vHoSxDi2EwqUcAhdf0YAhHqSuG2vbKIsJOOmum0k5A2m2VRxUFL/t1cqQtt5e6Z3walW2x9Q6lIpEDCMWk3n0/HfJhYxIc5SFKtapEj680L7llIyKCC4mHORqYmw08cTHQEAzccAWCT6umRvd+cTDtT3X2B/Atf7tWfTGRXv/f1Ytyzvjt6oonFgXdc4Or6J3ccH4fNt0NfmcG/G7DTMFU7LaWNYclQkI0qQPjQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=mt.com; dmarc=pass action=none header.from=mt.com; dkim=pass header.d=mt.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mt.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zvNv38047MuMT1OoHbm3W8uzdHJA+SdBgZ4ZKn7JVKY=; b=xi7XJzk2DAPBJzk0WdONozqi6iEUqs6xJLKjY5O5XytwouHfOayh8A0D1kj9x2Imsvwv0+wLdT6aCKJe0hDZ+E+8nwSOxaUTZ5jsq+0bo6fX2c0NsGvKS6xPlKlgW7O4VsKHxFd/Y+UT3oppFiIUhnYB53gK0xfBiSUeDE7W6PArYbCD5EnRGo2CO/5AAeM/fLQsWVV3EE6821vuY5Ax0zNTJMSs1cnJ3Yeei4ZOi9Wh3iUlU6LW1SeSeGM0DOFdupS11Zg1W66XbwzMtCI6ix0H8+3DMCBIuF5PnWYq7Ibo2mm8mnhOa0fu8vLZkFfcNouq4ZnvEzQA4EfvYdjHAw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=mt.com; Received: from DB9PR03MB7180.eurprd03.prod.outlook.com (2603:10a6:10:22d::13) by DB9PR03MB7179.eurprd03.prod.outlook.com (2603:10a6:10:224::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.17; Wed, 8 Apr 2026 06:50:52 +0000 Received: from DB9PR03MB7180.eurprd03.prod.outlook.com ([fe80::6fd2:12a9:4423:8ddc]) by DB9PR03MB7180.eurprd03.prod.outlook.com ([fe80::6fd2:12a9:4423:8ddc%6]) with mapi id 15.20.9769.016; Wed, 8 Apr 2026 06:50:52 +0000 Date: Wed, 8 Apr 2026 08:50:41 +0200 From: Wojciech Dubowik To: Franz Schnyder CC: openembedded-core@lists.openembedded.org, u-boot@lists.denx.de, simon.glass@canonical.com, Francesco Dolcini Subject: Re: - Host GnuTLS now needs pkcs11 support Message-ID: References: In-Reply-To: X-ClientProxiedBy: ZR0P278CA0055.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:21::6) To DB9PR03MB7180.eurprd03.prod.outlook.com (2603:10a6:10:22d::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9PR03MB7180:EE_|DB9PR03MB7179:EE_ X-MS-Office365-Filtering-Correlation-Id: f419e073-0854-4fe8-6275-08de953b2cef X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|52116014|19092799006|366016|1800799024|56012099003|18002099003|22082099003|38350700014; X-Microsoft-Antispam-Message-Info: GEKq2mzvLtC8tBimtFj4KJk4QbrcMl0cXQJk8l0B31tebHBagWik0eIRBbwX1G+0a6yi1Nu6VfCmAI8vo8eyrCMjKtwAHO+irs+hRozX80cbMmOnBLz5I5UrCoe6llcjL08Zz/oRRyYbFO1pTKkr4ZyilBg8BHiAZAT8n0pegxy2kyuYCVVFff1eG5NasBh8tePpq6l0mpH1XOoGUX75PtXc7QYT0Jv3/OpQJ92NYu3mu7qXfkqbnI2NMBoONWUOvDMUAABMKCATQviIvycYcWDPEfoZl5fpXk92F/sH9/OruIXl+qaWw3zLaiBcONIbsTDOAxJ/DZl6KVKeJLV8MyThqDPjwimy9GnmXXnU3skCeGlQ1+LvSecArxNLDeRYdvOSGJAH9a5RbE6KpZMRyoDBt/yGXd+RIWdveYS4WF7q+ruUggcZbge7YWk2hEPTws+8rwUc9RxPgWgnCtt13hdHcLr2BBplvsOs8psHDiNkwQffTMPsXmRdcrbwEW4FS7UAfRj5Zel82i7Xke8EcBXPzLxe0pdBsNPnP0SEhJ6FKRIPZepSaeLSECIBujNa5mxNxXhmWlcdy5gGCHP7e4TXeoD5GXKy0o/v0YiI2ZN1MdEG14ilcWq4JLjx8QLDlGO7QY2ExrFcAIRazqVLrXIGeaIVaPqMf68gmwi/jUUhx5+wN8ecjg6J4tlJbMFvjETTMSfYfzOI6x5wTeWvc/m9pt38z7tHZUdKXeih/SXgPYoUCjTwYwqJUcpBoyO+RpeWdUG+SdZOszqbmrXPEpkMAbPL3Z7jzXF44VLtmT4= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB9PR03MB7180.eurprd03.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(376014)(52116014)(19092799006)(366016)(1800799024)(56012099003)(18002099003)(22082099003)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?iso-8859-1?Q?W1iyOekNRQLyJp7foRufgwwAkcdXmWBA4n+gF4MdAXooUcKx67RMsp6Ngr?= =?iso-8859-1?Q?tZQ7cwtlwL3/1XLuUj4Gwu09CrO3ON1AuSHyL94qZgfxFW1Isk1szIFtu0?= =?iso-8859-1?Q?Xixtj6aKPECfL1PFWvIEbCVYHAzzA6uaz+mE7KeiJpIr73pejn3JZjKYqm?= =?iso-8859-1?Q?+SONEIeQzh0ruD8mrHB7PhzKz2GRYCKIGS0pcU6zeFxR0nNOAsXuwhPj/J?= =?iso-8859-1?Q?+HJRILYGd8vF3ptK3GXQSZJAtYDXY5iLoYRCaPhU3nL99zfzm/u7ff53lT?= =?iso-8859-1?Q?qXoR6YlQjYXKkLwyjr3xLig6/67nyh5ZLGEDQ6XvCcnPe/Fdwrr5xZ4Hnf?= =?iso-8859-1?Q?8OBj8Lg4lSPRMVq6pNcuzWs1dFYLsA1DVw9NPxCScyaDWJVHkwbF5yWF2y?= =?iso-8859-1?Q?hJ5MO5wyAR5//vX3VPPr/q29Nk6e6ok+nlxFc1dne82DTxPoSI72hPRvxk?= =?iso-8859-1?Q?ZDfr2nU4G8eLQKY9XQt44GaWoVzn1kImrjXiIUml8iFq0IsNQHHHuCB31K?= =?iso-8859-1?Q?6aT3WN5r6zLLX5gtIE5RD5kAG/lHVuAcMADKwB0DF1tD7umX0xSIrtFFsQ?= =?iso-8859-1?Q?O5seOA6F6Zs5Kya3A4xasGF/ei36YA3E9BlXqSMJ4bRB9o1mcda7uptQ2b?= =?iso-8859-1?Q?ZKdDMW3G41bJTo8x0xx47m1RFzaYU0mM08seSg99uP96i1AVHnhkomyTaC?= =?iso-8859-1?Q?EW+9JhwFWcMjt65YeHBT1kAkU4UG57Wlgnr+TIJAj+ozVvkxsDuuuhfQcI?= =?iso-8859-1?Q?ARYdJuWnNw/rpvSNiGhzVzJruVulehpGAGe5diZ0N7hmbhdzGd7Ou1HvA1?= =?iso-8859-1?Q?zPFJiVn0vELZ+snR3SVoq1IPVoZtmtM4aKfqPIX7hfMjoQcyc4swpbUk+I?= =?iso-8859-1?Q?ydj5cT9beQZMW91had5nfBzKAExmtS4X18mrPQNyh1JzR+esOC/uX7Q+BM?= =?iso-8859-1?Q?rWCr//2H38JWqPe1Wfc3BkDIoQLGYU88wSxj1K2C7gPldK5On/1ZVCqOjC?= =?iso-8859-1?Q?+iGnuxlZmeLz9+Wh2zZV9Q1NUo6cdJ3tJzzZo4v8JH43yf7hgmMWFwrpiV?= =?iso-8859-1?Q?603oem1YdWUsaGdHbcFgNFYmDJFI5KfNHhogBjSVA52u7mSnn5oEvHuGu8?= =?iso-8859-1?Q?eSt7NZNBsm7jjo9iZG7qrE04dlwcmg2pldvcdX7km2wNLoom9U3pTlz1KH?= =?iso-8859-1?Q?JzMcbNpfdqwlcOSITRhjn7rLLuEAwJPqZGc5Gkw6wZ19ywAAuqdi2+Fx8z?= =?iso-8859-1?Q?/leZ3W1qUGKu/w5rBJQjutFl4d3XpZJNNGNqOFjyn0LVBnyQO+pHAPFboq?= =?iso-8859-1?Q?Ua7lBHJwlGZ7LVFPFDtPS7AxmTfLxCo8dUl0V3a7v5vdr55Ptw3sHiqPBC?= =?iso-8859-1?Q?bH8mSIV80Q+baTv+36lnGIR6TL8+f0uklRROXPPLt0ue3rfKOVYl4QEm09?= =?iso-8859-1?Q?yp6bZJzwHqM5XPFcUOMs7hZWgB4io0R23iOfvObOdbJ+vnZEt3YsW0NQfw?= =?iso-8859-1?Q?XGmhXA6IgKy7hr1xL9akyqsEni8CNyf0iQLQjB+SuIdZeY43gb3Vdj1Zyf?= =?iso-8859-1?Q?uMqwryTvcfIujdQo1RQGzTClBnLFwSRy6toTVsm79RZowP3/ULDiY6uWYM?= =?iso-8859-1?Q?etzBN0Ih/muZfeLUf2JGEcAkCQOBYiw4Q3lIQDSDj02TvACikdXwfBZGeg?= =?iso-8859-1?Q?1HudWdzbjZ+gFod8io+WZEfF3Kkwk7VhdEmRypH6JRurlYASxhGoOk75/h?= =?iso-8859-1?Q?sZ72C+OSxB1h1mLjBf+KEVthR33iGC84HfFFFGUEW9kQ8eAnKeAUgZNEk/?= =?iso-8859-1?Q?xRUjfxsGCw=3D=3D?= X-OriginatorOrg: mt.com X-MS-Exchange-CrossTenant-Network-Message-Id: f419e073-0854-4fe8-6275-08de953b2cef X-MS-Exchange-CrossTenant-AuthSource: DB9PR03MB7180.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Apr 2026 06:50:52.4594 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: fb4c0aee-6cd2-482f-a1a5-717e7c02496b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 73rXUULnDqoKmSldRyzFEyhe/bCMlJ1SBo08g1b0qj+KbopnV/HUQUJgUjJFOBugaD9qMqf6dfCjuWAH4n/krg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9PR03MB7179 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 08 Apr 2026 07:22:32 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/234815 On Tue, Apr 07, 2026 at 06:15:13PM +0200, Franz Schnyder wrote: Hello Franz, > Hello Wojciech, >=20 > with commit 0c716a157be ("tools: mkeficapsule: Add support for pkcs11"), > mkeficapsule now references to pkcs11 related symbols. >=20 > This breaks our OE builds because it causes link failures for=20 > configurations that build mkeficapsule when the host gnutls is=20 > built without pkcs11 support: > ``` > undefined reference to `gnutls_pkcs11_obj_list_import_url4' > undefined reference to `gnutls_x509_crt_import_pkcs11' > undefined reference to `gnutls_pkcs11_init' > undefined reference to `gnutls_pkcs11_add_provider' > undefined reference to `gnutls_pkcs11_deinit' > ``` > On the OE side, enabling support in gnutls via p11-kit fixes the failures= . > However, I wonder what the cleanest solution would be. Should this new=20 > host requirement for pkcs11 be handled in the U-Boot OE recipe,=A0 or is > there a better way to approach this correctly? >=20 > Any ideas? I could add disable compile flag in mkeficapsule if there are no objections= . Sth like this in pkcs11 places: +#ifndef DISABLE_PKCS11 ret =3D gnutls_privkey_import_pkcs11_url(pkey, ctx->key_fil= e); [...] +#else + fprintf(stdout, "Pkcs11 support is disabled\n"); + return -1; +#endif This way OE or possibly openwrt don't need to patch. Regards, Wojtek >=20 > Kind regards >=20 > Franz