[PATCH 1/1] configs: add mkeficapsule to tools-only_defconfig

Tom Rini trini at konsulko.com
Thu Sep 9 14:15:43 CEST 2021


On Thu, Sep 09, 2021 at 09:10:23PM +0900, AKASHI Takahiro wrote:
> Tom,
> 
> On Thu, Sep 09, 2021 at 07:46:15AM -0400, Tom Rini wrote:
> > On Thu, Sep 09, 2021 at 05:30:36PM +0900, AKASHI Takahiro wrote:
> > > On Thu, Sep 09, 2021 at 09:27:50AM +0200, Heinrich Schuchardt wrote:
> > > > On 9/9/21 8:09 AM, AKASHI Takahiro wrote:
> > > > > On Thu, Sep 09, 2021 at 07:27:10AM +0200, Heinrich Schuchardt wrote:
> > > > > > mkeficapsule is used to create capsules for UEFI firmware update.
> > > > > > To ease inclusion into U-Boot tools packages of Linux distributions we
> > > > > > should add it to the tools-only_defconfig.
> > > > > > 
> > > > > > Provide dummy values for CONFIG_AVB_BUF_ADDR, CONFIG_AVB_BUF_SIZE to
> > > > > > satisfy Kconfig.
> > > > > > 
> > > > > > Suggested-by: Vagrant Cascadian <vagrant at debian.org>
> > > > > > Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
> > > > > > ---
> > > > > >   configs/tools-only_defconfig | 7 ++++++-
> > > > > >   1 file changed, 6 insertions(+), 1 deletion(-)
> > > > > > 
> > > > > > diff --git a/configs/tools-only_defconfig b/configs/tools-only_defconfig
> > > > > > index f54bc1802c..8a20d3fb05 100644
> > > > > > --- a/configs/tools-only_defconfig
> > > > > > +++ b/configs/tools-only_defconfig
> > > > > > @@ -5,6 +5,8 @@ CONFIG_ANDROID_BOOT_IMAGE=y
> > > > > >   CONFIG_FIT=y
> > > > > >   CONFIG_FIT_SIGNATURE=y
> > > > > >   CONFIG_MISC_INIT_F=y
> > > > > > +CONFIG_AVB_BUF_ADDR=0x0
> > > > > > +CONFIG_AVB_BUF_SIZE=0x8192
> > > > > >   # CONFIG_CMD_BOOTD is not set
> > > > > >   # CONFIG_CMD_BOOTM is not set
> > > > > >   # CONFIG_CMD_ELF is not set
> > > > > > @@ -29,4 +31,7 @@ CONFIG_SYSRESET=y
> > > > > >   # CONFIG_VIRTIO_MMIO is not set
> > > > > >   # CONFIG_VIRTIO_PCI is not set
> > > > > >   # CONFIG_VIRTIO_SANDBOX is not set
> > > > > > -# CONFIG_EFI_LOADER is not set
> > > > > > +CONFIG_EFI_CAPSULE_ON_DISK=y
> > > > > > +CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
> > > > > > +CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
> > > > > > +CONFIG_EFI_CAPSULE_AUTHENTICATE=y
> > > > > 
> > > > > I think that we should use the way that I suggested in my patch[1].
> > > > > 
> > > > > -Takahiro Akashi
> > > > > 
> > > > > [1] https://lists.denx.de/pipermail/u-boot/2021-August/459349.html
> > > > 
> > > > Your patch [1] still requires some rework:
> > > > https://patchwork.ozlabs.org/project/uboot/patch/20210831024659.53464-2-takahiro.akashi@linaro.org/
> > > > 
> > > > [1] changes what mkeficapsule looks like and this patch makes it
> > > > available in tools-only_defconfig?
> > > > 
> > > > Aren't these two patches complementary?
> > > 
> > > With my patch applied, the only option we need to compile mkeficapsule is:
> > >    CONFIG_TOOLS_MKEFICAPSULE
> > >    (and optionally CONFIG_TOOLS_LIBCRYPTO)
> > > 
> > > There is no target-config dependency as you have expected.
> > 
> > There's two issues.  First, the general one is that when just building
> > host tools (typically to package up in a distribution of some sort), it
> > shouldn't depend on how "U-Boot" was configured (set aside the default
> > environment problem).
> 
> I don't get your point. CONFIG_TOOLS_MKEFICAPSULE is only for building
> mkeficapsule. It has nothing to do with U-Boot itself.

My point is that "make tools-only" must build all the tools that would
be packaged up in a distribution or otherwise sent to end users.  It
must not depend on (with the exceptions above) how we configured the
build.

> > CONFIG_TOOLS_LIBCRYPTO is the exception here as
> > it's how we make things reproducible at least, with respect to libcrypto
> > related requirements.  The second is that "tools-only_defconfig" is
> > what's used when configuring U-Boot (as tools care about
> > CONFIG_TOOLS_LIBCRYPTO but also LOCALVERSION).
> 
> Again, I don't get your point.
> Do you mean that we don't need "make tools-only_defconfig" for
> "make tools"?

I mean that for all real configurations of U-Boot, "make tools" (or,
"make tools-only") is expected to work.  And also that
"tools-only_defconfig" isn't a real U-Boot config, but a dummy config to
support distributions being able to build and package the host tools,
and use the "tools-only" build target.

> > That said, I would like to know why AVB stuff comes in for building
> > mkeficapsule.  Is there shared code?  If so, are these dummy variables
> > OK and not going to cause a problem?
> 
> What does AVB mean?

My question here was to Heinrich, as he's adding dummy values for AVB,
which is Android Verified Boot, to the tools-only_defconfig and I want
to know what's pulling that in, and it matters for the host tools
themselves in some way.  I hope not, in which case the dummy values are
fine.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210909/1fb3af1f/attachment.sig>


More information about the U-Boot mailing list