From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8A7E5C433EF for ; Tue, 8 Feb 2022 16:41:47 +0000 (UTC) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id C383E8367D; Tue, 8 Feb 2022 17:41:44 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=dh-electronics.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=dh-electronics.com header.i=@dh-electronics.com header.b="OYBXftaq"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id E2AC68309D; Tue, 8 Feb 2022 16:44:12 +0100 (CET) Received: from mx4.securetransport.de (mx4.securetransport.de [178.254.6.145]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id B8BAC80F94 for ; Tue, 8 Feb 2022 16:44:09 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=reject dis=none) header.from=dh-electronics.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=jneuhauser@dh-electronics.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dh-electronics.com; s=dhelectronicscom; t=1644335042; bh=qKoA2Bxx0O7S/AAJ1jKkAGqh8XUS7e53xpORWEsugtM=; h=From:To:CC:Subject:Date:From; b=OYBXftaq1pT835P1n5Axv19ZXlCPGg0L7t70KWFliX/SnFj5KuwyeoZRxpBq/CdNW aU/PMoBbTxgZXWQYAnpBg6U91mKFUR8PVuQB6LDG/TFdCjl8muxMaakD4DriEO+QBd 3uwhG/gfjs9+WJVgOj7O8M56BRiw2aIIizJYWtkhdF4Hy3bxbLCmFcfaHRXuTvsZvq bPCpgZFuHjrotfUeD6zVpdFlx+PEuwD7t7ijD4rE0qSmMXp1iy+DFfiwwJVR4Jy5BQ G+YlIKEiCeW4z9qsy2xdrWiD3zL7EZ4nh+BeuFMSX5apcfZ/sMqoC5vQM7Uqtm7NwZ mjd5BzYqztdTg== X-secureTransport-forwarded: yes From: Johann Neuhauser Complaints-To: abuse@cubewerk.de To: "u-boot@lists.denx.de" CC: "sjg@chromium.org" Subject: Compile error with SPL_FIT_FULL_CHECK and SPL_LOAD_FIT_FULL enabled Thread-Topic: Compile error with SPL_FIT_FULL_CHECK and SPL_LOAD_FIT_FULL enabled Thread-Index: AdgdAPNMbFdUqI1ZSZq7nJWUVqmeaw== Date: Tue, 8 Feb 2022 15:43:35 +0000 Message-ID: Accept-Language: de-DE, en-US Content-Language: de-DE X-MS-Has-Attach: X-MS-TNEF-Correlator: Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailman-Approved-At: Tue, 08 Feb 2022 17:41:43 +0100 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Dear developers and Simon, we wanna run secure boot with U-Boot's SPL_FIT_SIGNATURE and FIT_SIGNATURE = on our STM32MP1 boards and discovered the CVE-2021-27097. To mitigate this vulnerability we wanna enable SPL_LOAD_FIT_FULL and SPL_FI= T_FULL_CHECK. If I compile any U-Boot SPL with the mentioned config symbols after commit = 6f3c2d8a, it fails always with the following error message: Used defconfig: stm32mp15_dhcom_basic_defconfig (+ mentioned configs enable= d) ``` ... LD spl/lib/built-in.o LD spl/u-boot-spl /usr/bin/arm-linux-gnueabihf-ld.bfd: common/built-in.o: in function `fit_ch= eck_format': /mnt/work/dev/u-boot/common/image-fit.c:1591: undefined reference to `fdt_c= heck_full' make[1]: *** [scripts/Makefile.spl:432: spl/u-boot-spl] Error 1 make: *** [Makefile:1941: spl/u-boot-spl] Error 2 ``` After diging around to find the cause, we're out of ideas. Does anyone have a clue why the needed function is not compiled in libfdt f= or the spl build? Many thanks in advance. Best regards, Johann Neuhauser DH electronics GmbH | Am Anger 8 | 83346 Bergen | Germany | Fon: +49 8662 4= 882 0 Board of Management: Stefan Daxenberger, Helmut Henschke | HRB Traunstein 9= 602