From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.2 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER, INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED, USER_AGENT_SANE_1 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4C35FC433F5 for ; Thu, 9 Sep 2021 12:45:03 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5F0C76113A for ; Thu, 9 Sep 2021 12:45:02 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 5F0C76113A Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=konsulko.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 7F89483314; Thu, 9 Sep 2021 14:45:00 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=konsulko.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=konsulko.com header.i=@konsulko.com header.b="NGLxPo+i"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 434008332B; Thu, 9 Sep 2021 14:44:58 +0200 (CEST) Received: from mail-qk1-x72d.google.com (mail-qk1-x72d.google.com [IPv6:2607:f8b0:4864:20::72d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 75062832F4 for ; Thu, 9 Sep 2021 14:44:54 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=konsulko.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=trini@konsulko.com Received: by mail-qk1-x72d.google.com with SMTP id ay33so1548651qkb.10 for ; Thu, 09 Sep 2021 05:44:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=zYFXIoivUOrCE1tzx2GlZ85pIv9ZZmSddF29AoL9hWw=; b=NGLxPo+ierEU+sTL1NicUHnHlFC8VQA7RwVC07jecqxhdP/bJmIjZb9Uwakr1XTgIV rz/k9vy7igA4EMgLXV5YsKa+37p7XI+0lLF6fKOzApijfkku8Q2qdzDCPlNgjoK10ufT cheLckbumCFH7uVLti3CYxWy8SpDATBvl5Jjc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=zYFXIoivUOrCE1tzx2GlZ85pIv9ZZmSddF29AoL9hWw=; b=bhcy2Iq2RWxDJDDaN4RgIpBx8NsrVcHM/tvchU615BMqev0gf+lVizv4TXIPPOxq5O NbYsIMC1qhDwGr1cUtsrCcI7Ow1NVZxvclFxnfuy+nyBUYdNkKS2uOOpwprODvSxWOEN kbhta5xVtonuAnAhHsgzB1F1gwtIjiJPV0xD0ILfESGUFZWmmIfdqgAHFJfIVA8+D7pr Ege8i8WcEmyT5rARUDi01gm6dRUVzTRbh7hoELAmPZAZyKMP+q/Ar7sbl049yiQ6wxfh 7roi7M6gwIvDKkk374/X5RzLYJH6qe0pXn8Vz7eHMhwyDaaCQw8U8ng7z/upZ6l4634a 9JIQ== X-Gm-Message-State: AOAM532jEGPAmIAKv3FX99b3+vlbSrX4cxk6nQw0kdtK5e+WsTfhH+kK xU3ULa4EzT64n//h0HlUl74IlA== X-Google-Smtp-Source: ABdhPJy9DjE8mP8A+oO9yHKaBaYz6c8hzPLQdbuDfgHoZWnpti8EVPYxiJ++5Yl39M28dFqXFZwQ3w== X-Received: by 2002:a05:620a:1495:: with SMTP id w21mr2499405qkj.443.1631191493151; Thu, 09 Sep 2021 05:44:53 -0700 (PDT) Received: from bill-the-cat (2603-6081-7b01-cbda-f91e-f867-d1bc-397d.res6.spectrum.com. [2603:6081:7b01:cbda:f91e:f867:d1bc:397d]) by smtp.gmail.com with ESMTPSA id 69sm1322924qke.55.2021.09.09.05.44.51 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Thu, 09 Sep 2021 05:44:52 -0700 (PDT) Date: Thu, 9 Sep 2021 08:44:50 -0400 From: Tom Rini To: Heinrich Schuchardt Cc: AKASHI Takahiro , Vagrant Cascadian , Simon Glass , Sughosh Ganu , u-boot@lists.denx.de Subject: Re: [PATCH 1/1] configs: add mkeficapsule to tools-only_defconfig Message-ID: <20210909124450.GA12964@bill-the-cat> References: <20210909052710.22015-1-xypron.glpk@gmx.de> <20210909060939.GC56666@laputa> <20210909083036.GD56666@laputa> <20210909114615.GW12964@bill-the-cat> <2523ea01-f3c1-79ea-a79b-f92aaa5f66bb@gmx.de> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="cebYKQG0P13XUdCa" Content-Disposition: inline In-Reply-To: <2523ea01-f3c1-79ea-a79b-f92aaa5f66bb@gmx.de> X-Clacks-Overhead: GNU Terry Pratchett User-Agent: Mutt/1.9.4 (2018-02-28) X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean --cebYKQG0P13XUdCa Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Sep 09, 2021 at 02:31:18PM +0200, Heinrich Schuchardt wrote: > On 9/9/21 1:46 PM, Tom Rini wrote: > > On Thu, Sep 09, 2021 at 05:30:36PM +0900, AKASHI Takahiro wrote: > > > On Thu, Sep 09, 2021 at 09:27:50AM +0200, Heinrich Schuchardt wrote: > > > > On 9/9/21 8:09 AM, AKASHI Takahiro wrote: > > > > > On Thu, Sep 09, 2021 at 07:27:10AM +0200, Heinrich Schuchardt wro= te: > > > > > > mkeficapsule is used to create capsules for UEFI firmware updat= e. > > > > > > To ease inclusion into U-Boot tools packages of Linux distribut= ions we > > > > > > should add it to the tools-only_defconfig. > > > > > >=20 > > > > > > Provide dummy values for CONFIG_AVB_BUF_ADDR, CONFIG_AVB_BUF_SI= ZE to > > > > > > satisfy Kconfig. > > > > > >=20 > > > > > > Suggested-by: Vagrant Cascadian > > > > > > Signed-off-by: Heinrich Schuchardt > > > > > > --- > > > > > > configs/tools-only_defconfig | 7 ++++++- > > > > > > 1 file changed, 6 insertions(+), 1 deletion(-) > > > > > >=20 > > > > > > diff --git a/configs/tools-only_defconfig b/configs/tools-only_= defconfig > > > > > > index f54bc1802c..8a20d3fb05 100644 > > > > > > --- a/configs/tools-only_defconfig > > > > > > +++ b/configs/tools-only_defconfig > > > > > > @@ -5,6 +5,8 @@ CONFIG_ANDROID_BOOT_IMAGE=3Dy > > > > > > CONFIG_FIT=3Dy > > > > > > CONFIG_FIT_SIGNATURE=3Dy > > > > > > CONFIG_MISC_INIT_F=3Dy > > > > > > +CONFIG_AVB_BUF_ADDR=3D0x0 > > > > > > +CONFIG_AVB_BUF_SIZE=3D0x8192 > > > > > > # CONFIG_CMD_BOOTD is not set > > > > > > # CONFIG_CMD_BOOTM is not set > > > > > > # CONFIG_CMD_ELF is not set > > > > > > @@ -29,4 +31,7 @@ CONFIG_SYSRESET=3Dy > > > > > > # CONFIG_VIRTIO_MMIO is not set > > > > > > # CONFIG_VIRTIO_PCI is not set > > > > > > # CONFIG_VIRTIO_SANDBOX is not set > > > > > > -# CONFIG_EFI_LOADER is not set > > > > > > +CONFIG_EFI_CAPSULE_ON_DISK=3Dy > > > > > > +CONFIG_EFI_CAPSULE_FIRMWARE_FIT=3Dy > > > > > > +CONFIG_EFI_CAPSULE_FIRMWARE_RAW=3Dy > > > > > > +CONFIG_EFI_CAPSULE_AUTHENTICATE=3Dy > > > > >=20 > > > > > I think that we should use the way that I suggested in my patch[1= ]. > > > > >=20 > > > > > -Takahiro Akashi > > > > >=20 > > > > > [1] https://lists.denx.de/pipermail/u-boot/2021-August/459349.html > > > >=20 > > > > Your patch [1] still requires some rework: > > > > https://patchwork.ozlabs.org/project/uboot/patch/20210831024659.534= 64-2-takahiro.akashi@linaro.org/ > > > >=20 > > > > [1] changes what mkeficapsule looks like and this patch makes it > > > > available in tools-only_defconfig? > > > >=20 > > > > Aren't these two patches complementary? > > >=20 > > > With my patch applied, the only option we need to compile mkeficapsul= e is: > > > CONFIG_TOOLS_MKEFICAPSULE > > > (and optionally CONFIG_TOOLS_LIBCRYPTO) > > >=20 > > > There is no target-config dependency as you have expected. > >=20 > > There's two issues. First, the general one is that when just building > > host tools (typically to package up in a distribution of some sort), it > > shouldn't depend on how "U-Boot" was configured (set aside the default > > environment problem). CONFIG_TOOLS_LIBCRYPTO is the exception here as >=20 > Agreed. That is why in response to [1] I asked Takahiro to change the > patch such that it covers both signed and unsigned capsules. I don't > want two different versions. >=20 > Currently the tool is not build at all if > CONFIG_EFI_HAVE_CAPSULE_SUPPORT is not selected. Do I understand you > right that this dependency should be lifted? I went and re-read the rules on how we enable host tools. I think it's fine to leave that part as-is (and then yes, I've been mistaken in what I've said above, a few more options are also relevant). > > it's how we make things reproducible at least, with respect to libcrypto > > related requirements. The second is that "tools-only_defconfig" is > > what's used when configuring U-Boot (as tools care about > > CONFIG_TOOLS_LIBCRYPTO but also LOCALVERSION). > >=20 > > That said, I would like to know why AVB stuff comes in for building > > mkeficapsule. Is there shared code? If so, are these dummy variables > > OK and not going to cause a problem? >=20 > AVB_VERIFY is implied by SANDBOX and depends on PARTITION_UUIDS. > CONFIG_EFI_HAVE_CAPSULE_SUPPORT requires EFI_LOADER. > EFI_LOADER selects PARTITION_UUIDS. Ah, OK. I might have gone with turning off AVB in tools-only_defconfig instead, but it's not a big deal. I'm going to take a quick poke at something now in fact. --=20 Tom --cebYKQG0P13XUdCa Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmE6AbwACgkQFHw5/5Y0 tyx5lQv/YQgcMiPWiGvEze+/DylQ3Zm8zRzbTfgk4Kz4rJPqyd0TsvOdP8ju89VT s2/u4Ff6fpcqQJbO4c/wkcM8VaH0r26ay3pKjxiH3LsWiaGSobaocSeEaSPl7r/p fpI+ogTWl/J2e/v2pACM/x7cRjZVukj4aiCHEAFY3wCw0heK6d2ckmtFspn+ChoF Y1hCr/qUSQSA2XoUk4r2X8Fr/EADSX4K6m2bQnUaMqTVI3WniUgXm+lQnPVsH/mH JYWIRHGULGnSx18XsouDavbjZitkQYsLJO7hwGxzuFWu2fJX0j9NT0peCFcfO8UG 9rXK+vZcMS9HilClWTinz+JKBTHUnhPJZF0narsuJoZRaH1yeb/X7jS/bEP491QL Bqp7WGta/2ka3mAKVkLfHi+A+JT5PiJz8p6OWXh/7N2u5wkdRG4FbV4rnyd8sc4T rEdPCM2ZmyOswQRq3l3B4+j9sRopFr5grDMOGBXuNTZmmsShlVCos2K+VqEB/+cs SXVqjde5 =NVoQ -----END PGP SIGNATURE----- --cebYKQG0P13XUdCa--