From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ilias Apalodimas Date: Thu, 16 May 2019 14:19:09 +0300 Subject: [U-Boot] RSA in U-Boot In-Reply-To: <20190516111359.GQ22232@bill-the-cat> References: <20190318021712.GC9937@linaro.org> <20190425021223.GH7158@linaro.org> <99c1f624-be7f-b6ab-10be-420129670dbf@csgraf.de> <747471f3-4490-bfe7-7369-68846f2b4ea3@redhat.com> <422971965.15677087.1556343097301.JavaMail.zimbra@redhat.com> <4b32b851-181e-5846-c5b0-17cadae06f33@gmx.de> <20190516103902.C27F1245E45@gemini.denx.de> <20190516104554.GA15680@apalos> <20190516111359.GQ22232@bill-the-cat> Message-ID: <20190516111909.GA24065@apalos> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hi Tom, > > On Thu, May 16, 2019 at 12:39:02PM +0200, Wolfgang Denk wrote: > > Hello Wolfgang, > > > > Thanks for taking the time with this > > > > > > > > There is LibreSSL as well which is a fork of openssl. Guess that too should > > > > be fine. What would be the more preferred solution here. The relevant bits > > > > can be imported from the kernel code into u-boot, or there can be a > > > > solution with linking of ssl/tls library with u-boot. Which would be the > > > > more preferred solution. It'd be great if the maintainers can comment on > > > > this. Thanks. > > > > > > I'd go for the Linux kernel code. A number of issues we have here > > > (cross compiling, code size, license compatibility, long term > > > maintenance efforts) have already been considered there, so why > > > should we duplicate all these efforts? And if we did, is there any > > > clear benefit from doing this? > > Well someone has to port the linux code in U-Boot and maintain it though. > > > > The LibreSSL proposal was made with some of these in mind. > > We don't expect the licence to ever change (which is compatible) > > and it's being maintained. > > I am not sure on the portability status, but i think it runs on all major > > architectures. > > > > I'd imagine this lifts the maintenance burden from U-Boot. On the other > > hand we'll rely on an external library to offer the functionality. > > I don't see how using LibreSSL instead of Linux kernel code would have a > lesser maintenance burden, sorry. If anything, given the number of > parts of the code we have today that come from the Linux kernel, adding > one more to the "keep in sync, or at least port bugfixes" list is less > than "add a new external project to keep an eye on". > Right then we know what we have to do. Kernel code it is. Thanks a lot /Ilias