From: Tom Rini <trini@ti.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v3 03/12] image: Add RSA support for image signing
Date: Thu, 27 Jun 2013 08:50:48 -0400
Message-ID: <51CC3528.2080000@ti.com>
In-Reply-To: <CAPnjgZ1=V=_xrabXFGSKLznpTBm5zFUsfevOG+O3rao8Hujh-w@mail.gmail.com>
On 06/27/2013 02:44 AM, Simon Glass wrote:
> Hi Masahiro,
>
> On Wed, Jun 26, 2013 at 9:08 PM, Masahiro Yamada
> <yamada.m@jp.panasonic.com> wrote:
>
> Hello, Simon.
>
>
> When compiling the master branch, I got an error during a
> tools/mkimage build.
>
>
> u-boot/lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No
> such file or directory
>
>
> I think this error is caused by commit 19c402a.
>
>
> I searched and installed the necessary package and I could resolve
> this error.
>
> $ apt-file search openssl/rsa.h
> libssl-dev: /usr/include/openssl/rsa.h
> $ sudo apt-get install libssl-dev
>
>
> Let me ask a question.
>
> Going forward, do we always need the openssl development package
> for creating the mkimage tool? Or is it possible to disable the RSA
> feature by some CONFIG option?
>
>
> This is to support verified boot using FIT. Yes it would be
> possible to make it an option. I had it that way for a while, but
> then I worried that it would create two versions of mkimage, one
> of which is incapable of signing images. That means that mkimage
> would need to be built for a board with verified boot enabled in
> order to get full functionality.
>
> Perhaps another way would be to check for the header and (if not
> present), silently build without signing support?
Hurk, dang it.. Yes, I think we need to build and go with an error
message on attempted use. Skimming the code, we can't rely on
CONFIG_FIT_SIGNATURE being inherited from the config, on the host
side, yes?
--
Tom
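
The behaviour this reply asks for (the tool always builds, and an attempt to sign fails with an error message instead of producing an unsigned image), shown as an added example; it is not code from U-Boot or from this thread. `EXAMPLE_HAVE_CRYPTO`, `sign_image`, `build_image` and the algorithm string are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* EXAMPLE_HAVE_CRYPTO is a hypothetical flag a build system would set only
 * when the host crypto headers were found; it is not a U-Boot symbol. */
#ifdef EXAMPLE_HAVE_CRYPTO
int example_rsa_sign(const void *d, size_t n, unsigned char *sig, size_t *sl);
#define RSA_SIGN example_rsa_sign   /* backend would live in its own file */
#else
#define RSA_SIGN NULL               /* algorithm stays listed, but unusable */
#endif
typedef int (*sign_fn)(const void *, size_t, unsigned char *, size_t *);
struct sig_algo { const char *name; sign_fn sign; };
static const struct sig_algo algos[] = { { "sha1,rsa2048", RSA_SIGN } }; /* sample name */

/* 0 on success, -ENOSYS if support was compiled out, -EINVAL if unknown;
 * on failure the reason is written to err. */
int sign_image(const char *algo, const void *d, size_t n,
               unsigned char *sig, size_t *sl, char *err, size_t el)
{
    for (size_t i = 0; i < sizeof(algos) / sizeof(algos[0]); i++) {
        if (strcmp(algos[i].name, algo) != 0)
            continue;
        if (!algos[i].sign) {
            snprintf(err, el, "'%s' requested, but tool was built without signing support", algo);
            return -ENOSYS;
        }
        return algos[i].sign(d, n, sig, sl);
    }
    snprintf(err, el, "unknown signature algorithm '%s'", algo);
    return -EINVAL;
}

/* algo == NULL means an unsigned image was asked for explicitly. When signing
 * was requested and fails, no output is produced at all. */
int build_image(const char *algo, const void *d, size_t n, int *written,
                char *err, size_t el)
{
    unsigned char sig[256];
    size_t sl = sizeof(sig);
    int ret = algo ? sign_image(algo, d, n, sig, &sl, err, el) : 0;
    *written = (ret == 0);          /* stands in for writing the output file */
    return ret;
}

int main(void)
{
    char err[128] = "";
    int written, ret = build_image("sha1,rsa2048", "payload", 7, &written, err, sizeof(err));
    printf("ret=%d written=%d err=%s\n", ret, written, err);
    return ret != 0;
}
```

The failure is a distinct return code and a non-zero exit status, so a release script that requested signing cannot mistake the result for a successfully signed image.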