From: "Alex G." <mr.nuke.me@gmail.com>
To: "Lim, Elly Siew Chin" <elly.siew.chin.lim@intel.com>,
"u-boot@lists.denx.de" <u-boot@lists.denx.de>,
Simon Glass <sjg@chromium.org>
Cc: "Tan, Ley Foon" <ley.foon.tan@intel.com>,
"Gan, Yau Wai" <yau.wai.gan@intel.com>,
"Chee, Tien Fong" <tien.fong.chee@intel.com>,
"See, Chin Liang" <chin.liang.see@intel.com>,
"Westergreen, Dalon" <dalon.westergreen@intel.com>
Subject: Re: U-Boot "lib: Add support for ECDSA image signing" commit breaks socfpga_*_atf_defconfig compilation
Date: Mon, 31 May 2021 14:01:10 -0500 [thread overview]
Message-ID: <bfb4d99a-5059-a3a7-623e-491ca4d0dd33@gmail.com> (raw)
In-Reply-To: <CO1PR11MB5092289E74A723F38C55DD4B91449@CO1PR11MB5092.namprd11.prod.outlook.com>
On 4/24/21 2:43 AM, Lim, Elly Siew Chin wrote:
> Add this discussion to denx mailing list.
[snip]
>
> I can think of two enhancement to fix this:
> (1) Add separate CONFIG to gate ECDSA algorithm. This enhancement benefits all use cases. I assume not all user need ECDSA algorithm when FIT_SIGNATURE is used.
> (2) Enhance spl/spl_fit.c to support verification of data integrity based on hash(es) in FIT image instead of based on FIT_SIGNATURE.
>
>
> What do you think? If you agree:
> For (1), can we ask Alex's help to change it?
> For (2), who will be the right person to change this kind of common code?
>
FYI, I proposed a change to decouple OpenSSL from FIT_SIGNATURE [1]
[1]
https://patchwork.ozlabs.org/project/uboot/patch/20210524202317.1492578-1-mr.nuke.me@gmail.com/
That would enable you to have FIT_SIGNATURE, but not need OpenSSL
support in mkimage.
Alex
prev parent reply other threads:[~2021-05-31 19:01 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CO1PR11MB509256357A478B6F15F173C291459@CO1PR11MB5092.namprd11.prod.outlook.com>
[not found] ` <76b0d5c1-4684-132f-8c82-230443a6c2f6@gmail.com>
[not found] ` <CO1PR11MB50924BFF383E0F5AF24EBE3D91459@CO1PR11MB5092.namprd11.prod.outlook.com>
[not found] ` <CO1PR11MB5092A668E6F6D8EB3E27659B91459@CO1PR11MB5092.namprd11.prod.outlook.com>
[not found] ` <CAPnjgZ0wyhaeG6jOgB6A+XRUquZ5mGsbouKwh4pJD1T1fcqytA@mail.gmail.com>
2021-04-24 7:43 ` U-Boot "lib: Add support for ECDSA image signing" commit breaks socfpga_*_atf_defconfig compilation Lim, Elly Siew Chin
2021-05-31 19:01 ` Alex G. [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bfb4d99a-5059-a3a7-623e-491ca4d0dd33@gmail.com \
--to=mr.nuke.me@gmail.com \
--cc=chin.liang.see@intel.com \
--cc=dalon.westergreen@intel.com \
--cc=elly.siew.chin.lim@intel.com \
--cc=ley.foon.tan@intel.com \
--cc=sjg@chromium.org \
--cc=tien.fong.chee@intel.com \
--cc=u-boot@lists.denx.de \
--cc=yau.wai.gan@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox