From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [PATCH v2 00/16] efi_loader: add secure boot support
Date: Wed, 11 Dec 2019 15:28:37 -0500 [thread overview]
Message-ID: <20191211202837.GZ9549@bill-the-cat> (raw)
In-Reply-To: <20191211021041.GD22427@linaro.org>
On Wed, Dec 11, 2019 at 11:10:42AM +0900, AKASHI Takahiro wrote:
> On Tue, Dec 10, 2019 at 08:54:12PM -0500, Tom Rini wrote:
> > On Wed, Dec 11, 2019 at 09:41:56AM +0900, AKASHI Takahiro wrote:
> > > Simon,
> > >
> > > On Wed, Dec 04, 2019 at 05:28:59PM +0900, AKASHI Takahiro wrote:
> > > > On Wed, Dec 04, 2019 at 08:31:26AM +0100, Heinrich Schuchardt wrote:
> > > > > On 12/4/19 3:43 AM, AKASHI Takahiro wrote:
> > > > > >Tom, Simon, Heinrich,
> > > > > >
> > > > > >I have submitted three major patch sets for UEFI secure boot:
> > > > > >* x509/pkcs7 parser
> > > > > >* RSA library extension
> > > > > >* UEFI secure boot
> > > > > >
> > > > > >I have no technical issues to fix now and have seen only a few minor
> > > > > >comments on them (if I confirm that you have no more comments,
> > > > > >I can submit new version almost immediately).
> > > > > >Considering those, can I expect that those patches be merged
> > > > > >in v2020.01?
> > > > > >
> > > > > >If not, do you need to have more time for your reviewing?
> > > > > >What else do you expect from my side to accelerate the upstream?
> > > > >
> > > > > We are reaching the end of the release cycle. So do not expect any of
> > > > > these patch series to be merged in v2020.01.
> > > > > cf. https://www.denx.de/wiki/U-Boot/ReleaseCycle
> > > >
> > > > I have often seen several patches (not bug fix) merged
> > > > even after "merge window".
> > > > Anyway,
> > > >
> > > > > To my understanding the UEFI secure boot series depends on the other two
> > > > > so it must be merged last.
> > > >
> > > > So once the first two patch set are accepted by the maintainers,
> > > > do you agree to merging the third one (i.e. secure boot patch itself)
> > > > promptly?
> > > > -> Heinrich
> > > >
> > > > As I said, I have had no technical issues on the first two patches
> > > > and haven't heard any comments/objections from the maintainers so far.
> > > > Are you willing to accept them for the next release?
> > > > -> Tom, Simon
> > >
> > > Can you confirm that you have queued my "RSA library extension" patch
> > > in your -next(?) branch, please?
> >
> > Please note that I raised a concern with the RSA patch series that needs
> > to be addressed. There's unexplained / unexpected size growth on
> > platforms that aren't otherwise enabling new features. Thanks!
>
> I misunderstood your statement there.
> Questions:
> 1) How did you measure the size growth?
> Please specify the exact command(s).
> 2) Did you use T1042RDB_PI_NAND_SECURE_BOOT_defconfig without any change?
So, I have the following script for doing size tests:
#!/bin/bash
# Initial and constant buildman args
ARGS="-devl"
ALL=0
KEEP=0
# Find our arguments
while test $# -ne 0; do
if [ "$1" == "--all" ]; then
ALL=1
shift 1
elif [ "$1" == "--branch" ]; then
BRANCH=$2
shift 2
elif [ "$1" == "--keep" ]; then
KEEP=1
ARGS="$ARGS -k"
shift 1
else
MACHINE=$1
shift
fi
done
if [ -z $MACHINE ]; then
echo Usage: $0 MACHINE [--all] [--keep] [--branch BRANCH]
exit 1
fi
# If not all, then only first/last
if [ $ALL -ne 1 ]; then
ARGS="$ARGS --step 0"
fi
if [ ! -z $BRANCH ]; then
ARGS="$ARGS -b $BRANCH"
else
ARGS="$ARGS -b `git rev-parse --abbrev-ref HEAD`"
fi
mkdir -p /tmp/$MACHINE
export SOURCE_DATE_EPOCH=`date +%s`
./tools/buildman/buildman -o /tmp/$MACHINE $ARGS -SBC $MACHINE
./tools/buildman/buildman -o /tmp/$MACHINE $ARGS -SsB $MACHINE
[ $KEEP -eq 0 ] && rm -rf /tmp/$MACHINE
And yes, I applied just the series and built the world. The
T1042RDB_PI_NAND_SECURE_BOOT_defconfig config along with a handful of
other PowerPC platforms (also of the _SECURE_BOOT variety) had the same
size growth. I didn't bisect down to the specific commit in question at
the time.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20191211/6f49addb/attachment.sig>
prev parent reply other threads:[~2019-12-11 20:28 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-26 0:51 [U-Boot] [PATCH v2 00/16] efi_loader: add secure boot support AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 01/16] include: pe.h: add signature-related definitions AKASHI Takahiro
2019-11-26 2:55 ` Heinrich Schuchardt
2019-11-26 0:51 ` [U-Boot] [PATCH v2 02/16] efi_loader: add CONFIG_EFI_SECURE_BOOT config option AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 03/16] efi_loader: add signature verification functions AKASHI Takahiro
2019-11-26 11:55 ` Ilias Apalodimas
2019-11-27 1:29 ` AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 04/16] efi_loader: add signature database parser AKASHI Takahiro
2019-11-28 14:21 ` Ilias Apalodimas
2019-11-28 14:49 ` Ilias Apalodimas
2019-12-02 0:49 ` AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 05/16] efi_loader: variable: support variable authentication AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 06/16] efi_loader: variable: add secure boot state transition AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 07/16] efi_loader: variable: add VendorKeys variable AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 08/16] efi_loader: image_loader: support image authentication AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 09/16] efi_loader: set up secure boot AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 10/16] cmd: env: use appropriate guid for authenticated UEFI variable AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 11/16] cmd: env: add "-at" option to "env set -e" command AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 12/16] efi_loader, pytest: set up secure boot environment AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 13/16] efi_loader, pytest: add UEFI secure boot tests (authenticated variables) AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 14/16] efi_loader, pytest: add UEFI secure boot tests (image) AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 15/16] sandbox: add extra configurations for UEFI and related tests AKASHI Takahiro
2019-11-26 0:51 ` [U-Boot] [PATCH v2 16/16] travis: add packages for UEFI secure boot test AKASHI Takahiro
2019-12-05 15:44 ` Tom Rini
2019-11-26 1:23 ` [U-Boot] [PATCH v2 00/16] efi_loader: add secure boot support AKASHI Takahiro
2019-11-28 13:48 ` Ilias Apalodimas
2019-12-04 2:43 ` AKASHI Takahiro
2019-12-04 7:31 ` Heinrich Schuchardt
2019-12-04 8:28 ` AKASHI Takahiro
2019-12-04 23:58 ` Tom Rini
2019-12-11 0:41 ` AKASHI Takahiro
2019-12-11 1:54 ` Tom Rini
2019-12-11 2:10 ` AKASHI Takahiro
2019-12-11 20:28 ` Tom Rini [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191211202837.GZ9549@bill-the-cat \
--to=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox