[U-Boot] RSA in U-Boot

[Tom Rini]

On Thu, May 16, 2019 at 01:45:54PM +0300, Ilias Apalodimas wrote:
> On Thu, May 16, 2019 at 12:39:02PM +0200, Wolfgang Denk wrote:
> Hello Wolfgang, 
> 
> Thanks for taking the time with this
> > > 
> > > There is LibreSSL as well which is a fork of openssl. Guess that too should
> > > be fine. What would be the more preferred solution here. The relevant bits
> > > can be imported from the kernel code into u-boot, or there can be a
> > > solution with linking of ssl/tls library with u-boot. Which would be the
> > > more preferred solution. It'd be great if the maintainers can comment on
> > > this. Thanks.
> > 
> > I'd go for the Linux kernel code.  A number of issues we have here
> > (cross compiling, code size, license compatibility, long term
> > maintenance efforts) have already been considered there, so why
> > should we duplicate all these efforts?  And if we did, is there any
> > clear benefit from doing this?
> Well someone has to port the linux code in U-Boot and maintain it though.
> 
> The LibreSSL proposal was made with some of these in mind. 
> We don't expect the licence to ever change (which is compatible) 
> and it's being maintained. 
> I am not sure on the portability status, but i think it runs on all major
> architectures.
> 
> I'd imagine this lifts the maintenance burden from U-Boot. On the other 
> hand we'll rely on an external library to offer the functionality. 

I don't see how using LibreSSL instead of Linux kernel code would have a
lesser maintenance burden, sorry.  If anything, given the number of
parts of the code we have today that come from the Linux kernel, adding
one more to the "keep in sync, or at least port bugfixes" list is less
than "add a new external project to keep an eye on".

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190516/1bc3d083/attachment.sig>