Hello,
Am Samstag, 21. Januar 2023, 16:47:42 CET schrieb Paul-Erwan Rio:
Commit <cb9faa6f98ae56d70d59505dad290dd3d381cb7b> introduced a target-independent configuration to build crypto features in host tools.
But since commit <2c21256b27d70b5950bd059330cdab027fb6ab7e>, the build without OpenSSL is broken, due to FIT signature/encryption features. Add missing conditional compilation tokens to fix this.
Signed-off-by: Paul-Erwan Rio paulerwan.rio@gmail.com
I applied your patch to my v2023.10 based tree and it fails to build (just using one board as example here, it is not the only one failing).
% buildman -o ~/build/u-boot/buildman -Pr -a '~CONFIG_TOOLS_LIBCRYPTO' sama5d27_som1_ek_mmc Building current source for 2 boards (2 threads, 8 jobs per thread) arm: + sama5d27_som1_ek_mmc1 +tools/image-host.c:17:10: fatal error: openssl/pem.h: Datei oder Verzeichnis nicht gefunden + 17 | #include <openssl/pem.h> + | ^~~~~~~~~~~~~~~ +compilation terminated. +make[2]: *** [scripts/Makefile.host:112: tools/image-host.o] Fehler 1 +make[1]: *** [Makefile:1857: tools] Fehler 2 +make: *** [Makefile:177: sub-make] Error 2 arm: + sama5d27_som1_ek_mmc +tools/image-host.c:17:10: fatal error: openssl/pem.h: Datei oder Verzeichnis nicht gefunden + 17 | #include <openssl/pem.h> + | ^~~~~~~~~~~~~~~ +compilation terminated. +make[2]: *** [scripts/Makefile.host:112: tools/image-host.o] Fehler 1 +make[1]: *** [Makefile:1857: tools] Fehler 2 +make: *** [Makefile:177: sub-make] Error 2 0 0 2 /2 sama5d27_som1_ek_mmc Completed: 2 total built, 2 newly), duration 0:00:01, rate 2.00
Same if I apply the whole series to master (this time with english locale):
% buildman -o ~/build/u-boot/buildman -Pr -a '~CONFIG_TOOLS_LIBCRYPTO' sama5d27_som1_ek_mmc Building current source for 2 boards (2 threads, 8 jobs per thread) arm: + sama5d27_som1_ek_mmc +tools/image-host.c:17:10: fatal error: openssl/pem.h: No such file or directory + 17 | #include <openssl/pem.h> + | ^~~~~~~~~~~~~~~ +compilation terminated. +make[2]: *** [scripts/Makefile.host:112: tools/image-host.o] Error 1 +make[1]: *** [Makefile:1858: tools] Error 2 +make: *** [Makefile:177: sub-make] Error 2 arm: + sama5d27_som1_ek_mmc1 +tools/image-host.c:17:10: fatal error: openssl/pem.h: No such file or directory + 17 | #include <openssl/pem.h> + | ^~~~~~~~~~~~~~~ +compilation terminated. +make[2]: *** [scripts/Makefile.host:112: tools/image-host.o] Error 1 +make[1]: *** [Makefile:1858: tools] Error 2 +make: *** [Makefile:177: sub-make] Error 2 0 0 2 /2 sama5d27_som1_ek_mmc1 Completed: 2 total built, 2 newly), duration 0:00:01, rate 2.00
Did you have time to look into this again? Or maybe did you sent an updated series I overlooked?
Greets Alex
include/image.h | 2 +- tools/Kconfig | 1 + tools/fit_image.c | 2 +- tools/image-host.c | 2 ++ tools/mkimage.c | 5 +++-- 5 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/include/image.h b/include/image.h index 7717a4c13d..6a616d15fb 100644 --- a/include/image.h +++ b/include/image.h @@ -1388,7 +1388,7 @@ int calculate_hash(const void *data, int data_len, const char *algo, * device */ #if defined(USE_HOSTCC) -# if defined(CONFIG_FIT_SIGNATURE) +# if CONFIG_IS_ENABLED(FIT_SIGNATURE) # define IMAGE_ENABLE_SIGN 1 # define FIT_IMAGE_ENABLE_VERIFY 1 # include <openssl/evp.h> diff --git a/tools/Kconfig b/tools/Kconfig index 539708f277..cfad26302c 100644 --- a/tools/Kconfig +++ b/tools/Kconfig @@ -46,6 +46,7 @@ config TOOLS_FIT_RSASSA_PSS Support the rsassa-pss signature scheme in the tools builds
config TOOLS_FIT_SIGNATURE
- depends on TOOLS_LIBCRYPTO def_bool y help Enable signature verification of FIT uImages in the tools builds
diff --git a/tools/fit_image.c b/tools/fit_image.c index 8a18b1b0ba..148dc5df40 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -61,7 +61,7 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc, ret = fit_set_timestamp(ptr, 0, time); }
- if (!ret)
if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && !ret) ret = fit_pre_load_data(params->keydir, dest_blob, ptr);
if (!ret) {
diff --git a/tools/image-host.c b/tools/image-host.c index 4a24dee815..d09a03bd76 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -1119,6 +1119,7 @@ static int fit_config_add_verification_data(const char *keydir, return 0; }
+#if CONFIG_IS_ENABLED(FIT_SIGNATURE) /*
- open file (open)
- read certificate (PEM_read_X509)
@@ -1227,6 +1228,7 @@ int fit_pre_load_data(const char *keydir, void *keydest, void *fit) out: return ret; } +#endif
int fit_cipher_data(const char *keydir, void *keydest, void *fit, const char *comment, int require_keys, diff --git a/tools/mkimage.c b/tools/mkimage.c index 8306861ce5..866410934e 100644 --- a/tools/mkimage.c +++ b/tools/mkimage.c @@ -115,7 +115,7 @@ static void usage(const char *msg) " -B => align size in hex for FIT structure and
header\n"
" -b => append the device tree binary to the
FIT\n"
" -t => update the timestamp in the FIT\n");-#ifdef CONFIG_FIT_SIGNATURE +#if CONFIG_IS_ENABLED(FIT_SIGNATURE) fprintf(stderr, "Signing / verified boot options: [-k keydir] [-K dtb] [
-c <comment>]
[-p addr] [-r] [-N engine]\n" " -k => set directory containing private keys\n" @@ -130,8 +130,9 @@ static void usage(const char *msg) " -o => algorithm to use for signing\n"); #else fprintf(stderr,
"Signing / verified boot not supported
(CONFIG_FIT_SIGNATURE
undefined)\n"); + "Signing / verified boot not supported (CONFIG_TOOLS_FIT_SIGNATURE undefined)\n"); #endif
- fprintf(stderr, " %s -V ==> print version information and
exit\n",
params.cmdname);fprintf(stderr, "Use '-T list' to see a list of available image
types\n");