[PATCH 0/4] sunxi: TOC0 image type support
Tom Rini
trini at konsulko.com
Mon Jun 21 22:35:37 CEST 2021
On Mon, Jun 21, 2021 at 04:43:00PM +0100, Andre Przywara wrote:
> On Sun, 20 Jun 2021 21:55:51 -0500
> Samuel Holland <samuel at sholland.org> wrote:
>
> (CC:ing Tom and Simon for the compatibility problem below)
>
> Hi,
>
> > This series adds support for the TOC0 image format used by the Allwinner
> > secure boot ROM (SBROM). This series has been tested on the following
> > SoCs/boards, with the eFuse burnt to enable secure mode:
> > - A64: Pine A64 Plus
> > - H5: Orange Pi Zero Plus
> > - H6: Pine H64 Model B
> > - H616: Orange Pi Zero 2
>
> many thanks for sending this. In general this looks good (will do a
> more thorough review soon), just one thing that bothered me:
>
> This requires OpenSLL 1.1.x. There is nothing really wrong about this,
> but my (admittedly not the freshest) Slackware, but also long term
> distros like RHEL/CentOS (<=7), still come with 1.0.x (headers) only.
>
> I was wondering how important this is? I have the impression that
> embedded developers sometimes use old^Wstable systems, so some people
> might be bitten by it. I think in this case it will affect all user
> trying to build mkimage, regardless of the target platform?
>
> So I wanted to know what to do here?
> - Can we provide some kind of compatibility support? OpenSSL seems
> to provide something:
> https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes#Compatibility_Layer
> Haven't tested that fully yet, just downloading that tarball
> does not seem to cut it (or is missing files?). I guess one needs to
> copy&paste some code from the Wiki?
> - Shall we detect missing v1.1.x support (via #if OPENSSL_VERSION_NUMBER
> < 0x10100000L) and disable just sunxi_toc0 support in this case?
There's two things. First, the series should be on top of (sorry!)
https://patchwork.ozlabs.org/project/uboot/patch/20210524202317.1492578-1-mr.nuke.me@gmail.com/
which adds a similar Kconfig option to make building tools easier.
Second, while I think not supporting openssl 1.0.x is fine, I would like
to again ask for someone to spend the time looking at switching to one
of the GPL-compatible libraries as I'm pretty sure it's been raised a
few times that we can't link with openssl like we do. This isn't a
blocker for the series, just an ask for help with a known problem.
Thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210621/46f0b68b/attachment.sig>
More information about the U-Boot
mailing list