[PATCH v2 16/50] image: Add Kconfig options for FIT in the host build
Alex G.
mr.nuke.me at gmail.com
Tue May 18 00:29:44 CEST 2021
On 5/12/21 12:14 PM, Tom Rini wrote:
> On Wed, May 12, 2021 at 11:19:52AM -0500, Alex G. wrote:
>>
>>
>> On 5/12/21 10:52 AM, Simon Glass wrote:
[snip]
>>> We have a NO_SDL build-time control. Perhaps have a NO_SSL one as well?
>>
>> It could be a config option instead of an environment variable. I think it
>> can be independent of target options, since we don't sign images in the
>> buildsystem anyway -- we can enable FIT verification, but mkimage without
>> openssl.
>
> As people point out from time to time, "NO_SDL" is very non-obvious and
> doesn't fit with how the rest of U-Boot is configured. So I would
> rather not see NO_SSL added.
FYI, I have a proof-of-concept for the NO_SSL idea using Kconfig [1]
instead of environment variahles. It's not yet ready for publication.
[1]
https://github.com/mrnuke/u-boot/commit/c054c546a8de54e41d3802fe60ad9389095e673b
> Frankly, given everything else that's
> needed to build today, I don't think just enabling the support for
> verified boot in mkimage by default and making it a bit odd to turn off
> is a problem. But given:
> https://lists.denx.de/pipermail/u-boot/2017-December/313742.html
> I would really like to see the switch to gnutls or some other clearly
> compatibly licensed library first.
Might be interesting to switch to gnutls, even if only because it
doesn't burn your eyes looking at function names and variable types. I
wouldn't mind looking into this, but I just don't have the bandwidth
nowadays.
Alex
More information about the U-Boot
mailing list