[U-Boot] [PATCH v3 03/12] image: Add RSA support for image signing

Tom Rini trini at ti.com
Thu Jun 27 14:50:48 CEST 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/27/2013 02:44 AM, Simon Glass wrote:
> Hi Masahiro,
> 
> On Wed, Jun 26, 2013 at 9:08 PM, Masahiro Yamada 
> <yamada.m at jp.panasonic.com <mailto:yamada.m at jp.panasonic.com>> 
> wrote:
> 
> Hello, Simon.
> 
> 
> When compiling the master branch, I got an error while a 
> tools/mkimage build.
> 
> 
> u-boot/lib/rsa/rsa-sign.c:26:25: fatal error: openssl/rsa.h: No 
> such file or directory
> 
> 
> I think this erorr is caused by commit 19c402a.
> 
> 
> I searched and installed the necessary package and I could resolve 
> this error.
> 
> $ apt-file search openssl/rsa.h libssl-dev: 
> /usr/include/openssl/rsa.h $ sudo apt-get install libssl-dev
> 
> 
> Let me ask a question.
> 
> Going forward do we always need the openssl development package
> for creating mkimage tool? Or is it possible to disable RSA feature
> by some CONFIG option?
> 
> 
> This is to support verified boot using FIT. Yes it would be 
> possible to make it an option. I had it that way for a while, but 
> then I worried that it would create two versions of mkimage, one
> of which is incapable of signing images. That means that mkimage
> would need to be built for a board with verified boot enabled in
> order to get full functionality.
> 
> Perhaps another way would be to check for the header and (if not 
> present), silently build without signing support?

Hurk, dang it.. Yes, I think we need to build and go with an error
message on attempted use.  Skimming the code, we can't rely on
CONFIG_FIT_SIGNATURE being inherited from the config, on the host
side, yes?

- -- 
Tom
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRzDUoAAoJENk4IS6UOR1WOF8P/in1joGCy0NcOJ3g3PKRRi5Y
eUgwTbOaQ3x82dJ3820YEkxSpaJIxiw+l0cvbWVH9TR6wO/7EiVjNLmFwauhuVBU
BAf9ghleHjd3T6utxEzDk0z9O2E9f8aliSQ1d31oK1NrM/IvhW06udv6V0shFRCN
i3uD4bkWPgv+qChZ+94ma4rc3SDz393lG2dwn0L9TZ/Kv3qOaoEr1qTDSS2fRXqg
2Yd1vFD3mT9ZEMQwfteoThuXWZfyWFYfh9wsUjwjHonJNauwKkZgWFHnZpYCv6tJ
TQEOH7pVpO7RAMFw/7f/tXdk/U2Qnmq/GH0Gy/p9E7UYb4IqXNGrXBOjhEGizH+c
gA4bAxjooHoVayUf/m3m6g5WUd1uv6cKhcS5WppmaduPdPncB8wPKxksT/ti1NKi
4yDdFLsudPvO+0R94MT+5dgV4Album8aoICmSgzxRy+3x9lGGxEGHeCleDtwnLTR
dQEnmUEweKvwL1MNJZ6TBtqekbf/hKVbgn4EqEi0fb4CLKCVFOGT3YSu8oWDaZEQ
q0C08/hn6lNgbGqTQL83I0lahp2HiPjHZMvUVVcE0lzOIowkTLLxvsZLfLhlCdXv
LxG26Pi0rG/CU8BnYQ/W00X4HPi20UDOt9nLyINq63ctKLWKMMA3B7IkcpBGbT2U
dA8uceK04MStQdxiB3kh
=wI1Q
-----END PGP SIGNATURE-----

More information about the U-Boot mailing list