From: Andre Przywara <andre.przywara@arm.com>
To: Samuel Holland <samuel@sholland.org>
Cc: "Pali Rohár" <pali@kernel.org>,
u-boot@lists.denx.de, "Jagan Teki" <jagan@amarulasolutions.com>,
"AKASHI Takahiro" <takahiro.akashi@linaro.org>,
"Alexandru Gagniuc" <mr.nuke.me@gmail.com>,
"Baruch Siach" <baruch@tkos.co.il>,
"Bharat Gooty" <bharat.gooty@broadcom.com>,
"Chris Packham" <judge.packham@gmail.com>,
"Fabio Estevam" <festevam@gmail.com>,
"Frieder Schrempf" <frieder.schrempf@kontron.de>,
"Jernej Skrabec" <jernej.skrabec@siol.net>,
"Marek Behún" <marek.behun@nic.cz>,
"NXP i.MX U-Boot Team" <uboot-imx@nxp.com>,
"Naoki Hayama" <naoki.hayama@lineo.co.jp>,
"Patrick Delaunay" <patrick.delaunay@foss.st.com>,
"Priyanka Jain" <priyanka.jain@nxp.com>,
"Rayagonda Kokatanur" <rayagonda.kokatanur@broadcom.com>,
"Simon Glass" <sjg@chromium.org>, "Stefan Roese" <sr@denx.de>,
"Stefano Babic" <sbabic@denx.de>,
"Sughosh Ganu" <sughosh.ganu@linaro.org>,
"Trevor Woerner" <twoerner@gmail.com>,
lauri.hintsala@silabs.com
Subject: Re: [PATCH v2 1/4] tools: Separate image types which depend on OpenSSL
Date: Tue, 24 Aug 2021 01:51:31 +0100 [thread overview]
Message-ID: <20210824015131.31e17240@slackpad.fritz.box> (raw)
In-Reply-To: <bc642954-4dd3-4bd9-ac52-0631a763981d@sholland.org>
On Sun, 22 Aug 2021 12:32:40 -0500
Samuel Holland <samuel@sholland.org> wrote:
Hi Samuel,
> On 8/22/21 4:58 AM, Pali Rohár wrote:
> > Hello!
> >
> > On Saturday 21 August 2021 23:46:45 Samuel Holland wrote:
> >> Some image types always depend on OpenSSL, so they can only be included
> >> in mkimage when TOOLS_LIBCRYPTO is selected. Instead of using arbitrary
> >> preprocessor definitions, conditionally link the files.
> >>
> >> When building for platforms which use those image types, automatically
> >> select TOOLS_LIBCRYPTO, it is required for the build to complete.
> >>
> >> Signed-off-by: Samuel Holland <samuel@sholland.org>
> >> ---
> >>
> >> Changes in v2:
> >> - Refactored the first patch on top of TOOLS_LIBCRYPTO
> >>
> >> arch/arm/mach-imx/mxs/Kconfig | 2 ++
> >> arch/arm/mach-mvebu/Kconfig | 1 +
> >> scripts/config_whitelist.txt | 1 -
> >> tools/Makefile | 19 +++++--------------
> >> tools/mxsimage.c | 3 ---
> >> 5 files changed, 8 insertions(+), 18 deletions(-)
> >>
> >> diff --git a/arch/arm/mach-imx/mxs/Kconfig b/arch/arm/mach-imx/mxs/Kconfig
> >> index 9f48ffda414..24d452942a5 100644
> >> --- a/arch/arm/mach-imx/mxs/Kconfig
> >> +++ b/arch/arm/mach-imx/mxs/Kconfig
> >> @@ -3,6 +3,7 @@ if ARCH_MX23
> >> config MX23
> >> bool
> >> default y
> >> + select TOOLS_LIBCRYPTO
> >>
> >> choice
> >> prompt "MX23 board select"
> >> @@ -34,6 +35,7 @@ if ARCH_MX28
> >> config MX28
> >> bool
> >> default y
> >> + select TOOLS_LIBCRYPTO
> >>
> >> choice
> >> prompt "MX28 board select"
> >> diff --git a/arch/arm/mach-mvebu/Kconfig b/arch/arm/mach-mvebu/Kconfig
> >> index 89737a37ad9..c02521c71bc 100644
> >> --- a/arch/arm/mach-mvebu/Kconfig
> >> +++ b/arch/arm/mach-mvebu/Kconfig
> >> @@ -29,6 +29,7 @@ config ARMADA_38X
> >> bool
> >> select ARMADA_32BIT
> >> select HAVE_MVEBU_EFUSE
> >> + select TOOLS_LIBCRYPTO
> >
> > kwbimage format is used also by A375 and AXP platform. So rather put
> > this select into ARMADA_32BIT section.
>
> I can do this.
>
> > Moreover kwbimage format is used also by orion and kirkwood platforms.
> > So this dependency needs to be enabled on more places.
>
> Since you know where they should go, would you be willing to send a
> patch adding the additional "select"s?
>
> Side note: TOOLS_LIBCRYPTO=y is the default, so nobody seems to have
> noticed, but actually the build with TOOLS_LIBCRYPTO=n is broken since
> commit b4f3cc2c42d9 ("tools: kwbimage: Do not hide usage of secure
> header under CONFIG_ARMADA_38X"). So I will add a Fixes: tag in v3.
I did notice, because my host doesn't have a compatible libopenssl.
Every build fails, because kwbimage.o was unconditionally included.
My previous workaround was to disable TOOLS_LIBCRYPTO, but this didn't
help after the patch you mentioned. So your solution is a quite nice
fix, and I can stop looking for a workaround.
However this somewhat breaks again somewhat needlessly with 4/4 (when
compiling for any SUNXI board, which don't really need TOC0), but this
can be easily avoided.
Cheers,
Andre
>
> Regards,
> Samuel
>
> >> config ARMADA_38X_HS_IMPEDANCE_THRESH
> >> hex "Armada 38x USB 2.0 High-Speed Impedance Threshold (0x0 - 0x7)"
> >> diff --git a/scripts/config_whitelist.txt b/scripts/config_whitelist.txt
> >> index 2d70bf5da7c..5caaad0c3dc 100644
> >> --- a/scripts/config_whitelist.txt
> >> +++ b/scripts/config_whitelist.txt
> >> @@ -1000,7 +1000,6 @@ CONFIG_MXC_UART_BASE
> >> CONFIG_MXC_USB_FLAGS
> >> CONFIG_MXC_USB_PORT
> >> CONFIG_MXC_USB_PORTSC
> >> -CONFIG_MXS
> >> CONFIG_MXS_AUART
> >> CONFIG_MXS_AUART_BASE
> >> CONFIG_MXS_OCOTP
> >> diff --git a/tools/Makefile b/tools/Makefile
> >> index 4a86321f646..ad0e9cf9490 100644
> >> --- a/tools/Makefile
> >> +++ b/tools/Makefile
> >> @@ -94,9 +94,11 @@ ECDSA_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/ecdsa/, ecdsa-libcrypto.
> >> AES_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/aes/, \
> >> aes-encrypt.o aes-decrypt.o)
> >>
> >> -# Cryptographic helpers that depend on openssl/libcrypto
> >> -LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := $(addprefix lib/, \
> >> - fdt-libcrypto.o)
> >> +# Cryptographic helpers and image types that depend on openssl/libcrypto
> >> +LIBCRYPTO_OBJS-$(CONFIG_TOOLS_LIBCRYPTO) := \
> >> + lib/fdt-libcrypto.o \
> >> + kwbimage.o \
> >> + mxsimage.o
> >>
> >> ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
> >>
> >> @@ -117,10 +119,8 @@ dumpimage-mkimage-objs := aisimage.o \
> >> imximage.o \
> >> imx8image.o \
> >> imx8mimage.o \
> >> - kwbimage.o \
> >> lib/md5.o \
> >> lpc32xximage.o \
> >> - mxsimage.o \
> >> omapimage.o \
> >> os_support.o \
> >> pblimage.o \
> >> @@ -155,22 +155,13 @@ fit_info-objs := $(dumpimage-mkimage-objs) fit_info.o
> >> fit_check_sign-objs := $(dumpimage-mkimage-objs) fit_check_sign.o
> >> file2include-objs := file2include.o
> >>
> >> -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_TOOLS_LIBCRYPTO),)
> >> -# Add CONFIG_MXS into host CFLAGS, so we can check whether or not register
> >> -# the mxsimage support within tools/mxsimage.c .
> >> -HOSTCFLAGS_mxsimage.o += -DCONFIG_MXS
> >> -endif
> >> -
> >> ifdef CONFIG_TOOLS_LIBCRYPTO
> >> # This affects include/image.h, but including the board config file
> >> # is tricky, so manually define this options here.
> >> HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE
> >> HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff
> >> HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER
> >> -endif
> >>
> >> -# MXSImage needs LibSSL
> >> -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),)
> >> HOSTCFLAGS_kwbimage.o += \
> >> $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "")
> >> HOSTLDLIBS_mkimage += \
> >> diff --git a/tools/mxsimage.c b/tools/mxsimage.c
> >> index 002f4b525aa..2bfbb421eb6 100644
> >> --- a/tools/mxsimage.c
> >> +++ b/tools/mxsimage.c
> >> @@ -5,8 +5,6 @@
> >> * Copyright (C) 2012-2013 Marek Vasut <marex@denx.de>
> >> */
> >>
> >> -#ifdef CONFIG_MXS
> >> -
> >> #include <errno.h>
> >> #include <fcntl.h>
> >> #include <stdio.h>
> >> @@ -2363,4 +2361,3 @@ U_BOOT_IMAGE_TYPE(
> >> NULL,
> >> mxsimage_generate
> >> );
> >> -#endif
> >> --
> >> 2.31.1
> >>
>
next prev parent reply other threads:[~2021-08-24 0:51 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-22 4:46 [PATCH v2 0/4] sunxi: TOC0 image type support Samuel Holland
2021-08-22 4:46 ` [PATCH v2 1/4] tools: Separate image types which depend on OpenSSL Samuel Holland
2021-08-22 9:58 ` Pali Rohár
2021-08-22 17:32 ` Samuel Holland
2021-08-24 0:51 ` Andre Przywara [this message]
2021-08-22 4:46 ` [PATCH v2 2/4] tools: mkimage: Add Allwinner TOC0 support Samuel Holland
2021-08-22 10:07 ` Pali Rohár
2021-08-22 17:44 ` Samuel Holland
2021-08-22 17:51 ` Pali Rohár
2021-09-06 0:29 ` Andre Przywara
2021-08-22 4:46 ` [PATCH v2 3/4] sunxi: Support SPL in both eGON and TOC0 images Samuel Holland
2021-09-06 0:30 ` Andre Przywara
2021-08-22 4:46 ` [PATCH v2 4/4] sunxi: Support building a SPL as a TOC0 image Samuel Holland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210824015131.31e17240@slackpad.fritz.box \
--to=andre.przywara@arm.com \
--cc=baruch@tkos.co.il \
--cc=bharat.gooty@broadcom.com \
--cc=festevam@gmail.com \
--cc=frieder.schrempf@kontron.de \
--cc=jagan@amarulasolutions.com \
--cc=jernej.skrabec@siol.net \
--cc=judge.packham@gmail.com \
--cc=lauri.hintsala@silabs.com \
--cc=marek.behun@nic.cz \
--cc=mr.nuke.me@gmail.com \
--cc=naoki.hayama@lineo.co.jp \
--cc=pali@kernel.org \
--cc=patrick.delaunay@foss.st.com \
--cc=priyanka.jain@nxp.com \
--cc=rayagonda.kokatanur@broadcom.com \
--cc=samuel@sholland.org \
--cc=sbabic@denx.de \
--cc=sjg@chromium.org \
--cc=sr@denx.de \
--cc=sughosh.ganu@linaro.org \
--cc=takahiro.akashi@linaro.org \
--cc=twoerner@gmail.com \
--cc=u-boot@lists.denx.de \
--cc=uboot-imx@nxp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox