From: "Marko Mäkelä" <marko.makela@iki.fi>
To: Raymond Mao <raymondmaoca@gmail.com>
Cc: Philippe Reynes <philippe.reynes@softathome.com>,
jonny.green@keytechinc.com, u-boot@lists.denx.de
Subject: Re: [RFC PATCH 0/4] add software ecdsa support
Date: Thu, 5 Feb 2026 20:16:37 +0200 [thread overview]
Message-ID: <aYTehXWL9mAJoMeh@kehys.lan> (raw)
In-Reply-To: <CAMDkj5y-GgnwgnuQKnDY5AJAL8XWmCXWsFdKtj93VjEyR=b0oA@mail.gmail.com>
Hi Raymond,
Wed, Feb 04, 2026 at 02:28:53PM -0500, Raymond Mao wrote:
>Hi Marko,
[snip]
>When EFI_SECURE_BOOT is enabled, all these dependent Kconfigs will be
>selected automatically.
Thank you for your help. I can confirm that the following will build the
ECDSA_SW implementation:
make sandbox_defconfig
scripts/config -e ECDSA_SW
make syncconfig && grep ASN1 .config
make -j$(nproc)
The redundant "grep" step above would output the following:
CONFIG_ASN1_DECODER_MBEDTLS=y
CONFIG_ASN1_COMPILER=y
CONFIG_ASN1_DECODER=y
I still can't enable those in any rpi_4_defconfig based build attempt,
such as this one:
cat > configs/rpi_4a_defconfig << EOF
#include <configs/rpi_4_defconfig>
CONFIG_EFI_SECURE_BOOT=y
CONFIG_MBEDTLS_LIB=y
CONFIG_ECDSA_SW=y
CONFIG_ECDSA_MBEDTLS=y
CONFIG_ECDSA=y
CONFIG_ECDSA_VERIFY=y
EOF
make rpi_4a_defconfig
make -j$(nproc) CROSS_COMPILE=aarch64-linux-gnu-
This build fails in the same way as yesterday because none of the ASN1
options will be present in the .config file. Neither will
CONFIG_EFI_SECURE_BOOT. Many EFI options were enabled, but not that one.
On a positive note, CONFIG_LEGACY_HASHING_AND_CRYPTO was disabled
automatically by the above, and MBEDTLS was enabled, unlike in my
earlier attempt about a month ago, using an different u-boot revision.
I also tried to enable several options that CONFIG_EFI_SECURE_BOOT would
select in lib/efi_loader/Kconfig, but with no success.
Is there a way to get some diagnostics that explains why Kconfig refuses
to enable a particular option?
With best regards,
Marko
next prev parent reply other threads:[~2026-02-05 18:16 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-02 17:03 [RFC PATCH 0/4] add software ecdsa support Philippe Reynes
2026-02-02 17:03 ` [RFC PATCH 1/4] mbedtls: enable support of ecc Philippe Reynes
2026-02-02 19:03 ` Raymond Mao
2026-02-02 17:03 ` [RFC PATCH 2/4] ecdsa: initial support of ecdsa using mbedtls Philippe Reynes
2026-02-02 17:03 ` [RFC PATCH 3/4] test: lib: sw_ecdsa: add initial test Philippe Reynes
2026-02-02 17:03 ` [RFC PATCH 4/4] drivers: crypto: add software ecdsa support Philippe Reynes
2026-02-02 19:09 ` [RFC PATCH 0/4] " Raymond Mao
2026-02-02 19:44 ` Tom Rini
2026-02-04 19:02 ` Marko Mäkelä
2026-02-04 19:28 ` Raymond Mao
2026-02-05 18:16 ` Marko Mäkelä [this message]
2026-02-05 18:47 ` Raymond Mao
2026-02-08 18:37 ` Marko Mäkelä
2026-02-09 16:04 ` Marko Mäkelä
2026-02-14 19:38 ` Marko Mäkelä
2026-02-15 18:31 ` Marko Mäkelä
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aYTehXWL9mAJoMeh@kehys.lan \
--to=marko.makela@iki.fi \
--cc=jonny.green@keytechinc.com \
--cc=philippe.reynes@softathome.com \
--cc=raymondmaoca@gmail.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox