[U-Boot] [PATCH v1 00/11] import x509/pkcs7 parsers from linux

Heinrich Schuchardt xypron.glpk at gmx.de
Tue Oct 15 11:10:02 UTC 2019


On 10/15/19 10:56 AM, AKASHI Takahiro wrote:
> On Tue, Oct 15, 2019 at 07:33:18AM +0200, Heinrich Schuchardt wrote:
>> On 10/15/19 5:18 AM, AKASHI Takahiro wrote:
>>> On Sat, Oct 12, 2019 at 03:02:09PM +0200, Heinrich Schuchardt wrote:
>>>> On 10/11/19 9:55 AM, AKASHI Takahiro wrote:
>>>>> I hope this patch set will be reviewed promptly as I'm aiming to
>>>>> push my "UEFI secure boot" patch for v2020.01.
>>>>>
>>>>
>>>> How can I make all of these new files being built to check for build
>>>> warnings?
>>>
>>> As always in my case of UEFI secure boot, they have gone through build and
>>> run/tests as part of UEFI secure boot. This is also true for RSA
>>> extension as UEFI secure boot is the only user of those features.
>>
>> Did you run them through Travis?
>>
>>>
>>> Please note that almost of all the code here come from the latest
>>> linux code without any changes. A few changes that I made are
>>> quite U-Boot/UEFI-secure-boot specific and is *best* tested through
>>> UEFI secure boot test.
>>>
>>> That said, you can at least build the code by enabling
>>>    Library routines
>>>      Security support
>>>        Asymmetric Key Support
>>>          CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
>>>          CONFIG_X509_CERTIFICATE_PARSER
>>>          CONFIG_PKCS7_MESSAGE_PARSER
>>>
>>>> Please, provide unit tests for the patch series.
>>>
>>> As I said above, it will be exercised and tested under UEFI secure boot
>>> test.
>>
>> If there is nothing I can test now, I would not know how to evaluate
>> these patches.
>
> Do you ask me to write "unit tests" to test all the aspects of
> asn1 compiler and parsers that I have not developed any part of
> and that are not changed from the original?
> Doesn't make sense.

Wouldn't it be enough to ASN1-compile one file and check the MD5 hash of
the result file?

Regards

Heinrich

>
>> There is good reason that we have unit tests and don't simply say U-Boot
>> can be tested by booting Linux.
>
> There are lots of examples, one is the original RSA routines, as I said,
> which have not direct-linked tests and are only tested by vboot.py.
>
>>>
>>>> Please, provide a documentation how these different tools and files work
>>>> together.
>>>
>>> What do you mean by different tools?
>>> Asn1 compiler and what?
>>> Do you want to have doc/README.asn1compiler?
>>
>> This patch series provides some puzzle pieces but doesn't tell me how
>> they fit together. Maybe a README describing the different elements
>> provided for UEFI secure boot would be most appropriate.
>
> All what you need to know is that the patch set will generate
> and provide x509 parser and pkcs7 parser as a result of build process.
>
> I will a few lines of README.asn1compiler to describe that.
>
> -Takahiro Akashi
>
>> Best regards
>>
>> Heinrich
>>
>>>
>>> Thanks,
>>> -Takahiro Akashi
>>>
>>>
>>>> Best regards
>>>>
>>>> Heinrich
>>>
>>
>



More information about the U-Boot mailing list