[PATCH 1/1] boot: don't select non-existent CONFIG_VPL

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

* [PATCH 1/1] boot: don't select non-existent CONFIG_VPL_CRYPTO
@ 2026-02-25  7:37 Heinrich Schuchardt
  2026-02-25  8:37 ` Quentin Schulz
  2026-03-10 20:45 ` Tom Rini
  0 siblings, 2 replies; 7+ messages in thread
From: Heinrich Schuchardt @ 2026-02-25  7:37 UTC (permalink / raw)
  To: Simon Glass, Tom Rini
  Cc: Quentin Schulz, Kory Maincent, Mattijs Korpershoek, Peng Fan,
	Marek Vasut, Martin Schwan, Anshul Dalal, George Chan, u-boot,
	Heinrich Schuchardt

Symbol CONFIG_VPL_CRYPTO does not exist.
Don't select it.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
---
 boot/Kconfig | 1 -
 1 file changed, 1 deletion(-)

diff --git a/boot/Kconfig b/boot/Kconfig
index e5db165424a..e9c8734ecb5 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -386,7 +386,6 @@ config VPL_FIT_SIGNATURE
 	default y
 	select FIT_SIGNATURE
 	select VPL_FIT
-	select VPL_CRYPTO
 	select VPL_HASH
 	imply VPL_RSA
 	imply VPL_RSA_VERIFY
-- 
2.51.0


^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/1] boot: don't select non-existent CONFIG_VPL_CRYPTO
  2026-02-25  7:37 [PATCH 1/1] boot: don't select non-existent CONFIG_VPL_CRYPTO Heinrich Schuchardt
@ 2026-02-25  8:37 ` Quentin Schulz
  2026-02-25  9:06   ` Heinrich Schuchardt
  2026-03-10 20:45 ` Tom Rini
  1 sibling, 1 reply; 7+ messages in thread
From: Quentin Schulz @ 2026-02-25  8:37 UTC (permalink / raw)
  To: Heinrich Schuchardt, Simon Glass, Tom Rini
  Cc: Kory Maincent, Mattijs Korpershoek, Peng Fan, Marek Vasut,
	Martin Schwan, Anshul Dalal, George Chan, u-boot

Hi Heinrich,

On 2/25/26 8:37 AM, Heinrich Schuchardt wrote:
> Symbol CONFIG_VPL_CRYPTO does not exist.

Correct but I have a hunch this was based off of SPL_FIT_SIGNATURE which 
does require crypto support, so I'm assuming VPL would too.

But this symbol indeed never existed, and even if it did, it wouldn't 
compile anything else as far as I can tell since drivers/crypto is 
enabled by default in proper and only if CONFIG_SPL_CRYPTO is set for 
SPL, and only SPL (checking for !TPL and !VPL)... so something feels 
unfinished with VPL here to me.

I'm not sure we're improving anything there but I don't think it makes 
things worse, as such

Fixes: 4218456b3fac ("vbe: Add Kconfig options for VPL")

Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>

Thanks!
Quentin

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/1] boot: don't select non-existent CONFIG_VPL_CRYPTO
  2026-02-25  8:37 ` Quentin Schulz
@ 2026-02-25  9:06   ` Heinrich Schuchardt
  2026-02-25 12:21     ` Heinrich Schuchardt
  0 siblings, 1 reply; 7+ messages in thread
From: Heinrich Schuchardt @ 2026-02-25  9:06 UTC (permalink / raw)
  To: Quentin Schulz, Simon Glass
  Cc: Kory Maincent, Mattijs Korpershoek, Peng Fan, Marek Vasut,
	Martin Schwan, Anshul Dalal, George Chan, u-boot, Tom Rini

On 2/25/26 09:37, Quentin Schulz wrote:
> Hi Heinrich,
> 
> On 2/25/26 8:37 AM, Heinrich Schuchardt wrote:
>> Symbol CONFIG_VPL_CRYPTO does not exist.
> 
> Correct but I have a hunch this was based off of SPL_FIT_SIGNATURE which 
> does require crypto support, so I'm assuming VPL would too.
> 
> But this symbol indeed never existed, and even if it did, it wouldn't 
> compile anything else as far as I can tell since drivers/crypto is 
> enabled by default in proper and only if CONFIG_SPL_CRYPTO is set for 
> SPL, and only SPL (checking for !TPL and !VPL)... so something feels 
> unfinished with VPL here to me.
> 
> I'm not sure we're improving anything there but I don't think it makes 
> things worse, as such
> 
> Fixes: 4218456b3fac ("vbe: Add Kconfig options for VPL")
> 
> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
> 
> Thanks!
> Quentin

Thank you for reviewing.

There is a symbol CONFIG_VPL_MBEDTLS_LIB_CRYPTO that might be used but 
then VPL_FIT_SIGNATURE support would have to depend on MBEDTLS.

Maybe Simon can inform us what his design intention was. Adding a 
defconfig actually testing VPL_FIT_SIGNATURE would be helpful.

Best regards

Heinrich

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/1] boot: don't select non-existent CONFIG_VPL_CRYPTO
  2026-02-25  9:06   ` Heinrich Schuchardt
@ 2026-02-25 12:21     ` Heinrich Schuchardt
  2026-02-26 14:53       ` Quentin Schulz
  0 siblings, 1 reply; 7+ messages in thread
From: Heinrich Schuchardt @ 2026-02-25 12:21 UTC (permalink / raw)
  To: Simon Glass, Tom Rini
  Cc: Kory Maincent, Mattijs Korpershoek, Peng Fan, Marek Vasut,
	Martin Schwan, Anshul Dalal, George Chan, Quentin Schulz, u-boot

On 2/25/26 10:06, Heinrich Schuchardt wrote:
> On 2/25/26 09:37, Quentin Schulz wrote:
>> Hi Heinrich,
>>
>> On 2/25/26 8:37 AM, Heinrich Schuchardt wrote:
>>> Symbol CONFIG_VPL_CRYPTO does not exist.
>>
>> Correct but I have a hunch this was based off of SPL_FIT_SIGNATURE 
>> which does require crypto support, so I'm assuming VPL would too.
>>
>> But this symbol indeed never existed, and even if it did, it wouldn't 
>> compile anything else as far as I can tell since drivers/crypto is 
>> enabled by default in proper and only if CONFIG_SPL_CRYPTO is set for 
>> SPL, and only SPL (checking for !TPL and !VPL)... so something feels 
>> unfinished with VPL here to me.
>>
>> I'm not sure we're improving anything there but I don't think it makes 
>> things worse, as such
>>
>> Fixes: 4218456b3fac ("vbe: Add Kconfig options for VPL")
>>
>> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
>>
>> Thanks!
>> Quentin
> 
> Thank you for reviewing.
> 
> There is a symbol CONFIG_VPL_MBEDTLS_LIB_CRYPTO that might be used but 
> then VPL_FIT_SIGNATURE support would have to depend on MBEDTLS.
> 
> Maybe Simon can inform us what his design intention was. Adding a 
> defconfig actually testing VPL_FIT_SIGNATURE would be helpful.
> 
> Best regards
> 
> Heinrich

There are more non-existent symbols implied by VPL_FIT_SIGNATURE

         imply VPL_RSA
         imply VPL_RSA_VERIFY

@Tom
I wonder why the VPL feature was suggested if it was never tested or 
used. Should we remove all of VPL?

Best regards

Heinrich

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/1] boot: don't select non-existent CONFIG_VPL_CRYPTO
  2026-02-25 12:21     ` Heinrich Schuchardt
@ 2026-02-26 14:53       ` Quentin Schulz
  2026-02-26 23:44         ` Simon Glass
  0 siblings, 1 reply; 7+ messages in thread
From: Quentin Schulz @ 2026-02-26 14:53 UTC (permalink / raw)
  To: Heinrich Schuchardt, Simon Glass, Tom Rini
  Cc: Kory Maincent, Mattijs Korpershoek, Peng Fan, Marek Vasut,
	Martin Schwan, Anshul Dalal, George Chan, u-boot

Hi Heinrich,

On 2/25/26 1:21 PM, Heinrich Schuchardt wrote:
> On 2/25/26 10:06, Heinrich Schuchardt wrote:
>> On 2/25/26 09:37, Quentin Schulz wrote:
>>> Hi Heinrich,
>>>
>>> On 2/25/26 8:37 AM, Heinrich Schuchardt wrote:
>>>> Symbol CONFIG_VPL_CRYPTO does not exist.
>>>
>>> Correct but I have a hunch this was based off of SPL_FIT_SIGNATURE 
>>> which does require crypto support, so I'm assuming VPL would too.
>>>
>>> But this symbol indeed never existed, and even if it did, it wouldn't 
>>> compile anything else as far as I can tell since drivers/crypto is 
>>> enabled by default in proper and only if CONFIG_SPL_CRYPTO is set for 
>>> SPL, and only SPL (checking for !TPL and !VPL)... so something feels 
>>> unfinished with VPL here to me.
>>>
>>> I'm not sure we're improving anything there but I don't think it 
>>> makes things worse, as such
>>>
>>> Fixes: 4218456b3fac ("vbe: Add Kconfig options for VPL")
>>>
>>> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
>>>
>>> Thanks!
>>> Quentin
>>
>> Thank you for reviewing.
>>
>> There is a symbol CONFIG_VPL_MBEDTLS_LIB_CRYPTO that might be used but 
>> then VPL_FIT_SIGNATURE support would have to depend on MBEDTLS.
>>
>> Maybe Simon can inform us what his design intention was. Adding a 
>> defconfig actually testing VPL_FIT_SIGNATURE would be helpful.
>>
>> Best regards
>>
>> Heinrich
> 
> There are more non-existent symbols implied by VPL_FIT_SIGNATURE
> 
>          imply VPL_RSA
>          imply VPL_RSA_VERIFY
> 
> @Tom
> I wonder why the VPL feature was suggested if it was never tested or 
> used. Should we remove all of VPL?
> 

As far as I remember, VPL was a necessary step to add support for VBE 
(Verified Boot for Embedded) that Simon was working on. I don't think it 
got realized entirely (upstream I mean) which may explain the current 
state of VPL symbols.

Cheers,
Quentin

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/1] boot: don't select non-existent CONFIG_VPL_CRYPTO
  2026-02-26 14:53       ` Quentin Schulz
@ 2026-02-26 23:44         ` Simon Glass
  0 siblings, 0 replies; 7+ messages in thread
From: Simon Glass @ 2026-02-26 23:44 UTC (permalink / raw)
  To: Quentin Schulz
  Cc: Heinrich Schuchardt, Tom Rini, Kory Maincent, Mattijs Korpershoek,
	Peng Fan, Marek Vasut, Martin Schwan, Anshul Dalal, George Chan,
	u-boot

Hi Quentin,

On Thu, 26 Feb 2026 at 07:54, Quentin Schulz <quentin.schulz@cherry.de> wrote:
>
> Hi Heinrich,
>
> On 2/25/26 1:21 PM, Heinrich Schuchardt wrote:
> > On 2/25/26 10:06, Heinrich Schuchardt wrote:
> >> On 2/25/26 09:37, Quentin Schulz wrote:
> >>> Hi Heinrich,
> >>>
> >>> On 2/25/26 8:37 AM, Heinrich Schuchardt wrote:
> >>>> Symbol CONFIG_VPL_CRYPTO does not exist.
> >>>
> >>> Correct but I have a hunch this was based off of SPL_FIT_SIGNATURE
> >>> which does require crypto support, so I'm assuming VPL would too.
> >>>
> >>> But this symbol indeed never existed, and even if it did, it wouldn't
> >>> compile anything else as far as I can tell since drivers/crypto is
> >>> enabled by default in proper and only if CONFIG_SPL_CRYPTO is set for
> >>> SPL, and only SPL (checking for !TPL and !VPL)... so something feels
> >>> unfinished with VPL here to me.
> >>>
> >>> I'm not sure we're improving anything there but I don't think it
> >>> makes things worse, as such
> >>>
> >>> Fixes: 4218456b3fac ("vbe: Add Kconfig options for VPL")
> >>>
> >>> Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
> >>>
> >>> Thanks!
> >>> Quentin
> >>
> >> Thank you for reviewing.
> >>
> >> There is a symbol CONFIG_VPL_MBEDTLS_LIB_CRYPTO that might be used but
> >> then VPL_FIT_SIGNATURE support would have to depend on MBEDTLS.
> >>
> >> Maybe Simon can inform us what his design intention was. Adding a
> >> defconfig actually testing VPL_FIT_SIGNATURE would be helpful.
> >>
> >> Best regards
> >>
> >> Heinrich
> >
> > There are more non-existent symbols implied by VPL_FIT_SIGNATURE
> >
> >          imply VPL_RSA
> >          imply VPL_RSA_VERIFY
> >
> > @Tom
> > I wonder why the VPL feature was suggested if it was never tested or
> > used. Should we remove all of VPL?
> >
>
> As far as I remember, VPL was a necessary step to add support for VBE
> (Verified Boot for Embedded) that Simon was working on. I don't think it
> got realized entirely (upstream I mean) which may explain the current
> state of VPL symbols.

Heinrich asked me the same thing this morning. From my understanding,
the penultimate series was applied but later reverted. The final
series was never applied. It's in the Concept tree for now and is
running fine on an rk3399 board:

https://concept.u-boot.org/u-boot/u-boot/-/jobs/300379

If there is any interest in getting these two series in I could resend.

Regards,
Simon

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH 1/1] boot: don't select non-existent CONFIG_VPL_CRYPTO
  2026-02-25  7:37 [PATCH 1/1] boot: don't select non-existent CONFIG_VPL_CRYPTO Heinrich Schuchardt
  2026-02-25  8:37 ` Quentin Schulz
@ 2026-03-10 20:45 ` Tom Rini
  1 sibling, 0 replies; 7+ messages in thread
From: Tom Rini @ 2026-03-10 20:45 UTC (permalink / raw)
  To: Simon Glass, Heinrich Schuchardt
  Cc: Quentin Schulz, Kory Maincent, Mattijs Korpershoek, Peng Fan,
	Marek Vasut, Martin Schwan, Anshul Dalal, George Chan, u-boot

On Wed, 25 Feb 2026 08:37:11 +0100, Heinrich Schuchardt wrote:

> Symbol CONFIG_VPL_CRYPTO does not exist.
> Don't select it.
> 
> 

Applied to u-boot/next, thanks!

[1/1] boot: don't select non-existent CONFIG_VPL_CRYPTO
      commit: ff1b59c9bd49141efd45d50ddba291820a6ae975
-- 
Tom



^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2026-03-10 20:45 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-25  7:37 [PATCH 1/1] boot: don't select non-existent CONFIG_VPL_CRYPTO Heinrich Schuchardt
2026-02-25  8:37 ` Quentin Schulz
2026-02-25  9:06   ` Heinrich Schuchardt
2026-02-25 12:21     ` Heinrich Schuchardt
2026-02-26 14:53       ` Quentin Schulz
2026-02-26 23:44         ` Simon Glass
2026-03-10 20:45 ` Tom Rini

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox