[PATCH v2 16/50] image: Add Kconfig options for FIT in the host build
mr.nuke.me at gmail.com
Wed May 19 17:49:57 CEST 2021
On 5/17/21 8:23 PM, AKASHI Takahiro wrote:
> On Mon, May 17, 2021 at 05:29:44PM -0500, Alex G. wrote:
>> On 5/12/21 12:14 PM, Tom Rini wrote:
>>> On Wed, May 12, 2021 at 11:19:52AM -0500, Alex G. wrote:
>>>> On 5/12/21 10:52 AM, Simon Glass wrote:
>>>>> We have a NO_SDL build-time control. Perhaps have a NO_SSL one as well?
>>>> It could be a config option instead of an environment variable. I think it
>>>> can be independent of target options, since we don't sign images in the
>>>> buildsystem anyway -- we can enable FIT verification, but mkimage without
>>> As people point out from time to time, "NO_SDL" is very non-obvious and
>>> doesn't fit with how the rest of U-Boot is configured. So I would
>>> rather not see NO_SSL added.
>> FYI, I have a proof-of-concept for the NO_SSL idea using Kconfig  instead
>> of environment variahles. It's not yet ready for publication.
>>  https://github.com/mrnuke/u-boot/commit/c054c546a8de54e41d3802fe60ad9389095e673b
> I have posted a patch for a similar *signing* tool using OpenSSL.
> Basically, I'd like to follow the way agreed here about how OpenSSL
> be handled in host tools.
> So please keep in mind that there can be another use case of this kind
> of host Kconfig option.
>  https://lists.denx.de/pipermail/u-boot/2021-May/449572.html
I can't ask you to change your patch based on my ideas, as I my changes
have not yet been submitted for review. However, should you want to
anticipate, make sure that there's one and only one variable that
determines if OpenSSL is linked.
I also suspect Tom would be quite thrilled if your patch started using
gnutls instead of openssl. I'm not sure how sane things would look
having both gnutls and openssl dependencies; however, I suspect it might
be acceptable as long as it's temporary.
These decisions haven't been made yet. I don't want to send you on a
wild goose refactoring chase, only to have the rug pulled from under you
later. I think it's okay to continue with your patch as submitted. I'll
update my patch accordingly when yours gets merged first -- looks easy
More information about the U-Boot