[U-Boot] RSA in U-Boot

Ilias Apalodimas ilias.apalodimas at linaro.org
Thu May 16 11:19:09 UTC 2019


Hi Tom,
> > On Thu, May 16, 2019 at 12:39:02PM +0200, Wolfgang Denk wrote:
> > Hello Wolfgang, 
> > 
> > Thanks for taking the time with this
> > > > 
> > > > There is LibreSSL as well which is a fork of openssl. Guess that too should
> > > > be fine. What would be the more preferred solution here. The relevant bits
> > > > can be imported from the kernel code into u-boot, or there can be a
> > > > solution with linking of ssl/tls library with u-boot. Which would be the
> > > > more preferred solution. It'd be great if the maintainers can comment on
> > > > this. Thanks.
> > > 
> > > I'd go for the Linux kernel code.  A number of issues we have here
> > > (cross compiling, code size, license compatibility, long term
> > > maintenance efforts) have already been considered there, so why
> > > should we duplicate all these efforts?  And if we did, is there any
> > > clear benefit from doing this?
> > Well someone has to port the linux code in U-Boot and maintain it though.
> > 
> > The LibreSSL proposal was made with some of these in mind. 
> > We don't expect the licence to ever change (which is compatible) 
> > and it's being maintained. 
> > I am not sure on the portability status, but i think it runs on all major
> > architectures.
> > 
> > I'd imagine this lifts the maintenance burden from U-Boot. On the other 
> > hand we'll rely on an external library to offer the functionality. 
> 
> I don't see how using LibreSSL instead of Linux kernel code would have a
> lesser maintenance burden, sorry.  If anything, given the number of
> parts of the code we have today that come from the Linux kernel, adding
> one more to the "keep in sync, or at least port bugfixes" list is less
> than "add a new external project to keep an eye on".
> 
Right then we know what we have to do. Kernel code it is. 

Thanks a lot 
/Ilias


More information about the U-Boot mailing list