[U-Boot] RSA in U-Boot

Tom Rini trini at konsulko.com
Thu May 16 12:07:55 UTC 2019


On Thu, May 16, 2019 at 08:56:40PM +0900, AKASHI Takahiro wrote:
> Hi Tom,
> 
> On Thu, May 16, 2019 at 07:13:59AM -0400, Tom Rini wrote:
> > On Thu, May 16, 2019 at 01:45:54PM +0300, Ilias Apalodimas wrote:
> > > On Thu, May 16, 2019 at 12:39:02PM +0200, Wolfgang Denk wrote:
> > > Hello Wolfgang, 
> > > 
> > > Thanks for taking the time with this
> > > > > 
> > > > > There is LibreSSL as well which is a fork of openssl. Guess that too should
> > > > > be fine. What would be the more preferred solution here. The relevant bits
> > > > > can be imported from the kernel code into u-boot, or there can be a
> > > > > solution with linking of ssl/tls library with u-boot. Which would be the
> > > > > more preferred solution. It'd be great if the maintainers can comment on
> > > > > this. Thanks.
> > > > 
> > > > I'd go for the Linux kernel code.  A number of issues we have here
> > > > (cross compiling, code size, license compatibility, long term
> > > > maintenance efforts) have already been considered there, so why
> > > > should we duplicate all these efforts?  And if we did, is there any
> > > > clear benefit from doing this?
> > > Well someone has to port the linux code in U-Boot and maintain it though.
> > > 
> > > The LibreSSL proposal was made with some of these in mind. 
> > > We don't expect the licence to ever change (which is compatible) 
> > > and it's being maintained. 
> > > I am not sure on the portability status, but i think it runs on all major
> > > architectures.
> > > 
> > > I'd imagine this lifts the maintenance burden from U-Boot. On the other 
> > > hand we'll rely on an external library to offer the functionality. 
> > 
> > I don't see how using LibreSSL instead of Linux kernel code would have a
> > lesser maintenance burden, sorry.  If anything, given the number of
> > parts of the code we have today that come from the Linux kernel, adding
> > one more to the "keep in sync, or at least port bugfixes" list is less
> > than "add a new external project to keep an eye on".
> 
> # I will reply on this topic in more details tomorrow.
> 
> Can you give me an example of U-Boot code which comes from linux (or
> other projects) and is regularly synced (or updated) with the origin?
> Who maintains that? and how?

The device trees are one example.  Kbuild is another.  ubifs too.  We
just added lib/zstd :)

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20190516/010072be/attachment.sig>


More information about the U-Boot mailing list