Re: [PATCH 1/1] boot: don't select non-existent CONFIG_VPL_CRYPTO

[Quentin Schulz <quentin.schulz@cherry.de>]

Hi Heinrich,

On 2/25/26 1:21 PM, Heinrich Schuchardt wrote:
> On 2/25/26 10:06, Heinrich Schuchardt wrote:
>> On 2/25/26 09:37, Quentin Schulz wrote:
>>> Hi Heinrich,
>>>
>>> On 2/25/26 8:37 AM, Heinrich Schuchardt wrote:
>>>> Symbol CONFIG_VPL_CRYPTO does not exist.
>>>
>>> Correct but I have a hunch this was based off of SPL_FIT_SIGNATURE 
>>> which does require crypto support, so I'm assuming VPL would too.
>>>
>>> But this symbol indeed never existed, and even if it did, it wouldn't 
>>> compile anything else as far as I can tell since drivers/crypto is 
>>> enabled by default in proper and only if CONFIG_SPL_CRYPTO is set for 
>>> SPL, and only SPL (checking for !TPL and !VPL)... so something feels 
>>> unfinished with VPL here to me.
>>>
>>> I'm not sure we're improving anything there but I don't think it 
>>> makes things worse, as such
>>>
>>> Fixes: 4218456b3fac ("vbe: Add Kconfig options for VPL")
>>>
>>> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
>>>
>>> Thanks!
>>> Quentin
>>
>> Thank you for reviewing.
>>
>> There is a symbol CONFIG_VPL_MBEDTLS_LIB_CRYPTO that might be used but 
>> then VPL_FIT_SIGNATURE support would have to depend on MBEDTLS.
>>
>> Maybe Simon can inform us what his design intention was. Adding a 
>> defconfig actually testing VPL_FIT_SIGNATURE would be helpful.
>>
>> Best regards
>>
>> Heinrich
> 
> There are more non-existent symbols implied by VPL_FIT_SIGNATURE
> 
>          imply VPL_RSA
>          imply VPL_RSA_VERIFY
> 
> @Tom
> I wonder why the VPL feature was suggested if it was never tested or 
> used. Should we remove all of VPL?
> 

As far as I remember, VPL was a necessary step to add support for VBE 
(Verified Boot for Embedded) that Simon was working on. I don't think it 
got realized entirely (upstream I mean) which may explain the current 
state of VPL symbols.

Cheers,
Quentin