-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/27/2013 02:44 AM, Simon Glass wrote:
Hi Masahiro,
On Wed, Jun 26, 2013 at 9:08 PM, Masahiro Yamada <yamada.m@jp.panasonic.com mailto:yamada.m@jp.panasonic.com> wrote:
Hello, Simon.
When compiling the master branch, I got an error while a tools/mkimage build.
u-boot/lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No such file or directory
I think this erorr is caused by commit 19c402a.
I searched and installed the necessary package and I could resolve this error.
$ apt-file search openssl/rsa.h libssl-dev: /usr/include/openssl/rsa.h $ sudo apt-get install libssl-dev
Let me ask a question.
Going forward do we always need the openssl development package for creating mkimage tool? Or is it possible to disable RSA feature by some CONFIG option?
This is to support verified boot using FIT. Yes it would be possible to make it an option. I had it that way for a while, but then I worried that it would create two versions of mkimage, one of which is incapable of signing images. That means that mkimage would need to be built for a board with verified boot enabled in order to get full functionality.
Perhaps another way would be to check for the header and (if not present), silently build without signing support?
Hurk, dang it.. Yes, I think we need to build and go with an error message on attempted use. Skimming the code, we can't rely on CONFIG_FIT_SIGNATURE being inherited from the config, on the host side, yes?
- -- Tom