[PATCH 1/1] configs: add mkeficapsule to tools-only_defconfig

AKASHI Takahiro takahiro.akashi at linaro.org
Thu Sep 9 14:47:21 CEST 2021


On Thu, Sep 09, 2021 at 08:15:43AM -0400, Tom Rini wrote:
> On Thu, Sep 09, 2021 at 09:10:23PM +0900, AKASHI Takahiro wrote:
> > Tom,
> > 
> > On Thu, Sep 09, 2021 at 07:46:15AM -0400, Tom Rini wrote:
> > > On Thu, Sep 09, 2021 at 05:30:36PM +0900, AKASHI Takahiro wrote:
> > > > On Thu, Sep 09, 2021 at 09:27:50AM +0200, Heinrich Schuchardt wrote:
> > > > > On 9/9/21 8:09 AM, AKASHI Takahiro wrote:
> > > > > > On Thu, Sep 09, 2021 at 07:27:10AM +0200, Heinrich Schuchardt wrote:
> > > > > > > mkeficapsule is used to create capsules for UEFI firmware update.
> > > > > > > To ease inclusion into U-Boot tools packages of Linux distributions we
> > > > > > > should add it to the tools-only_defconfig.
> > > > > > > 
> > > > > > > Provide dummy values for CONFIG_AVB_BUF_ADDR, CONFIG_AVB_BUF_SIZE to
> > > > > > > satisfy Kconfig.
> > > > > > > 
> > > > > > > Suggested-by: Vagrant Cascadian <vagrant at debian.org>
> > > > > > > Signed-off-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
> > > > > > > ---
> > > > > > >   configs/tools-only_defconfig | 7 ++++++-
> > > > > > >   1 file changed, 6 insertions(+), 1 deletion(-)
> > > > > > > 
> > > > > > > diff --git a/configs/tools-only_defconfig b/configs/tools-only_defconfig
> > > > > > > index f54bc1802c..8a20d3fb05 100644
> > > > > > > --- a/configs/tools-only_defconfig
> > > > > > > +++ b/configs/tools-only_defconfig
> > > > > > > @@ -5,6 +5,8 @@ CONFIG_ANDROID_BOOT_IMAGE=y
> > > > > > >   CONFIG_FIT=y
> > > > > > >   CONFIG_FIT_SIGNATURE=y
> > > > > > >   CONFIG_MISC_INIT_F=y
> > > > > > > +CONFIG_AVB_BUF_ADDR=0x0
> > > > > > > +CONFIG_AVB_BUF_SIZE=0x8192
> > > > > > >   # CONFIG_CMD_BOOTD is not set
> > > > > > >   # CONFIG_CMD_BOOTM is not set
> > > > > > >   # CONFIG_CMD_ELF is not set
> > > > > > > @@ -29,4 +31,7 @@ CONFIG_SYSRESET=y
> > > > > > >   # CONFIG_VIRTIO_MMIO is not set
> > > > > > >   # CONFIG_VIRTIO_PCI is not set
> > > > > > >   # CONFIG_VIRTIO_SANDBOX is not set
> > > > > > > -# CONFIG_EFI_LOADER is not set
> > > > > > > +CONFIG_EFI_CAPSULE_ON_DISK=y
> > > > > > > +CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
> > > > > > > +CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
> > > > > > > +CONFIG_EFI_CAPSULE_AUTHENTICATE=y
> > > > > > 
> > > > > > I think that we should use the way that I suggested in my patch[1].
> > > > > > 
> > > > > > -Takahiro Akashi
> > > > > > 
> > > > > > [1] https://lists.denx.de/pipermail/u-boot/2021-August/459349.html
> > > > > 
> > > > > Your patch [1] still requires some rework:
> > > > > https://patchwork.ozlabs.org/project/uboot/patch/20210831024659.53464-2-takahiro.akashi@linaro.org/
> > > > > 
> > > > > [1] changes what mkeficapsule looks like and this patch makes it
> > > > > available in tools-only_defconfig?
> > > > > 
> > > > > Aren't these two patches complementary?
> > > > 
> > > > With my patch applied, the only option we need to compile mkeficapsule is:
> > > >    CONFIG_TOOLS_MKEFICAPSULE
> > > >    (and optionally CONFIG_TOOLS_LIBCRYPTO)
> > > > 
> > > > There is no target-config dependency as you have expected.
> > > 
> > > There's two issues.  First, the general one is that when just building
> > > host tools (typically to package up in a distribution of some sort), it
> > > shouldn't depend on how "U-Boot" was configured (set aside the default
> > > environment problem).
> > 
> > I don't get your point. CONFIG_TOOLS_MKEFICAPSULE is only for building
> > mkeficapsule. It has nothing to do with U-Boot itself.
> 
> My point is that "make tools-only" must build all the tools that would
> be packaged up in a distribution or otherwise sent to end users.  It
> must not depend on (with the exceptions above) how we configured the
> build.

I can see bunch of "hostprogs-$(CONFIG_...) += ...", and
some of them are not always built.
So what do you mean by "all the tools"?

Which tools be packed in is totally up to a distro, isn't it?

-Takahiro Akashi

> > > CONFIG_TOOLS_LIBCRYPTO is the exception here as
> > > it's how we make things reproducible at least, with respect to libcrypto
> > > related requirements.  The second is that "tools-only_defconfig" is
> > > what's used when configuring U-Boot (as tools care about
> > > CONFIG_TOOLS_LIBCRYPTO but also LOCALVERSION).
> > 
> > Again, I don't get your point.
> > Do you mean that we don't need "make tools-only_defconfig" for
> > "make tools"?
> 
> I mean that for all real configurations of U-Boot, "make tools" (or,
> "make tools-only") is expected to work.  And also that
> "tools-only_defconfig" isn't a real U-Boot config, but a dummy config to
> support distributions being able to build and package the host tools,
> and use the "tools-only" build target.
> 
> > > That said, I would like to know why AVB stuff comes in for building
> > > mkeficapsule.  Is there shared code?  If so, are these dummy variables
> > > OK and not going to cause a problem?
> > 
> > What does AVB mean?
> 
> My question here was to Heinrich, as he's adding dummy values for AVB,
> which is Android Verified Boot, to the tools-only_defconfig and I want
> to know what's pulling that in, and it matters for the host tools
> themselves in some way.  I hope not, in which case the dummy values are
> fine.
> 
> -- 
> Tom




More information about the U-Boot mailing list