[U-Boot] RSA in U-Boot
Ilias Apalodimas
ilias.apalodimas at linaro.org
Thu May 16 11:19:09 UTC 2019
Hi Tom,
> > On Thu, May 16, 2019 at 12:39:02PM +0200, Wolfgang Denk wrote:
> > Hello Wolfgang,
> >
> > Thanks for taking the time with this
> > > >
> > > > There is LibreSSL as well which is a fork of openssl. Guess that too should
> > > > be fine. What would be the more preferred solution here. The relevant bits
> > > > can be imported from the kernel code into u-boot, or there can be a
> > > > solution with linking of ssl/tls library with u-boot. Which would be the
> > > > more preferred solution. It'd be great if the maintainers can comment on
> > > > this. Thanks.
> > >
> > > I'd go for the Linux kernel code. A number of issues we have here
> > > (cross compiling, code size, license compatibility, long term
> > > maintenance efforts) have already been considered there, so why
> > > should we duplicate all these efforts? And if we did, is there any
> > > clear benefit from doing this?
> > Well someone has to port the linux code in U-Boot and maintain it though.
> >
> > The LibreSSL proposal was made with some of these in mind.
> > We don't expect the licence to ever change (which is compatible)
> > and it's being maintained.
> > I am not sure on the portability status, but i think it runs on all major
> > architectures.
> >
> > I'd imagine this lifts the maintenance burden from U-Boot. On the other
> > hand we'll rely on an external library to offer the functionality.
>
> I don't see how using LibreSSL instead of Linux kernel code would have a
> lesser maintenance burden, sorry. If anything, given the number of
> parts of the code we have today that come from the Linux kernel, adding
> one more to the "keep in sync, or at least port bugfixes" list is less
> than "add a new external project to keep an eye on".
>
Right then we know what we have to do. Kernel code it is.
Thanks a lot
/Ilias
More information about the U-Boot
mailing list