[PATCH v1 2/2] tools: fix build without LIBCRYPTO support
Alexander Dahl
ada at thorsis.com
Wed Dec 13 16:38:09 CET 2023
Hello,
Am Samstag, 21. Januar 2023, 16:47:42 CET schrieb Paul-Erwan Rio:
> Commit <cb9faa6f98ae56d70d59505dad290dd3d381cb7b> introduced a
> target-independent configuration to build crypto features in host tools.
>
> But since commit <2c21256b27d70b5950bd059330cdab027fb6ab7e>, the build
> without OpenSSL is broken, due to FIT signature/encryption features. Add
> missing conditional compilation tokens to fix this.
>
> Signed-off-by: Paul-Erwan Rio <paulerwan.rio at gmail.com>
I applied your patch to my v2023.10 based tree and it fails to build
(just using one board as example here, it is not the only one
failing).
% buildman -o ~/build/u-boot/buildman -Pr -a '~CONFIG_TOOLS_LIBCRYPTO' sama5d27_som1_ek_mmc
Building current source for 2 boards (2 threads, 8 jobs per thread)
arm: + sama5d27_som1_ek_mmc1
+tools/image-host.c:17:10: fatal error: openssl/pem.h: Datei oder Verzeichnis nicht gefunden
+ 17 | #include <openssl/pem.h>
+ | ^~~~~~~~~~~~~~~
+compilation terminated.
+make[2]: *** [scripts/Makefile.host:112: tools/image-host.o] Fehler 1
+make[1]: *** [Makefile:1857: tools] Fehler 2
+make: *** [Makefile:177: sub-make] Error 2
arm: + sama5d27_som1_ek_mmc
+tools/image-host.c:17:10: fatal error: openssl/pem.h: Datei oder Verzeichnis nicht gefunden
+ 17 | #include <openssl/pem.h>
+ | ^~~~~~~~~~~~~~~
+compilation terminated.
+make[2]: *** [scripts/Makefile.host:112: tools/image-host.o] Fehler 1
+make[1]: *** [Makefile:1857: tools] Fehler 2
+make: *** [Makefile:177: sub-make] Error 2
0 0 2 /2 sama5d27_som1_ek_mmc
Completed: 2 total built, 2 newly), duration 0:00:01, rate 2.00
Same if I apply the whole series to master (this time with english
locale):
% buildman -o ~/build/u-boot/buildman -Pr -a '~CONFIG_TOOLS_LIBCRYPTO' sama5d27_som1_ek_mmc
Building current source for 2 boards (2 threads, 8 jobs per thread)
arm: + sama5d27_som1_ek_mmc
+tools/image-host.c:17:10: fatal error: openssl/pem.h: No such file or directory
+ 17 | #include <openssl/pem.h>
+ | ^~~~~~~~~~~~~~~
+compilation terminated.
+make[2]: *** [scripts/Makefile.host:112: tools/image-host.o] Error 1
+make[1]: *** [Makefile:1858: tools] Error 2
+make: *** [Makefile:177: sub-make] Error 2
arm: + sama5d27_som1_ek_mmc1
+tools/image-host.c:17:10: fatal error: openssl/pem.h: No such file or directory
+ 17 | #include <openssl/pem.h>
+ | ^~~~~~~~~~~~~~~
+compilation terminated.
+make[2]: *** [scripts/Makefile.host:112: tools/image-host.o] Error 1
+make[1]: *** [Makefile:1858: tools] Error 2
+make: *** [Makefile:177: sub-make] Error 2
0 0 2 /2 sama5d27_som1_ek_mmc1
Completed: 2 total built, 2 newly), duration 0:00:01, rate 2.00
Did you have time to look into this again? Or maybe did you sent an
updated series I overlooked?
Greets
Alex
> ---
>
> include/image.h | 2 +-
> tools/Kconfig | 1 +
> tools/fit_image.c | 2 +-
> tools/image-host.c | 2 ++
> tools/mkimage.c | 5 +++--
> 5 files changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/include/image.h b/include/image.h
> index 7717a4c13d..6a616d15fb 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -1388,7 +1388,7 @@ int calculate_hash(const void *data, int data_len,
> const char *algo, * device
> */
> #if defined(USE_HOSTCC)
> -# if defined(CONFIG_FIT_SIGNATURE)
> +# if CONFIG_IS_ENABLED(FIT_SIGNATURE)
> # define IMAGE_ENABLE_SIGN 1
> # define FIT_IMAGE_ENABLE_VERIFY 1
> # include <openssl/evp.h>
> diff --git a/tools/Kconfig b/tools/Kconfig
> index 539708f277..cfad26302c 100644
> --- a/tools/Kconfig
> +++ b/tools/Kconfig
> @@ -46,6 +46,7 @@ config TOOLS_FIT_RSASSA_PSS
> Support the rsassa-pss signature scheme in the tools builds
>
> config TOOLS_FIT_SIGNATURE
> + depends on TOOLS_LIBCRYPTO
> def_bool y
> help
> Enable signature verification of FIT uImages in the tools builds
> diff --git a/tools/fit_image.c b/tools/fit_image.c
> index 8a18b1b0ba..148dc5df40 100644
> --- a/tools/fit_image.c
> +++ b/tools/fit_image.c
> @@ -61,7 +61,7 @@ static int fit_add_file_data(struct image_tool_params
> *params, size_t size_inc, ret = fit_set_timestamp(ptr, 0, time);
> }
>
> - if (!ret)
> + if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && !ret)
> ret = fit_pre_load_data(params->keydir, dest_blob, ptr);
>
> if (!ret) {
> diff --git a/tools/image-host.c b/tools/image-host.c
> index 4a24dee815..d09a03bd76 100644
> --- a/tools/image-host.c
> +++ b/tools/image-host.c
> @@ -1119,6 +1119,7 @@ static int fit_config_add_verification_data(const char
> *keydir, return 0;
> }
>
> +#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
> /*
> * 0) open file (open)
> * 1) read certificate (PEM_read_X509)
> @@ -1227,6 +1228,7 @@ int fit_pre_load_data(const char *keydir, void
> *keydest, void *fit) out:
> return ret;
> }
> +#endif
>
> int fit_cipher_data(const char *keydir, void *keydest, void *fit,
> const char *comment, int require_keys,
> diff --git a/tools/mkimage.c b/tools/mkimage.c
> index 8306861ce5..866410934e 100644
> --- a/tools/mkimage.c
> +++ b/tools/mkimage.c
> @@ -115,7 +115,7 @@ static void usage(const char *msg)
> " -B => align size in hex for FIT structure and
header\n"
> " -b => append the device tree binary to the
FIT\n"
> " -t => update the timestamp in the FIT\n");
> -#ifdef CONFIG_FIT_SIGNATURE
> +#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
> fprintf(stderr,
> "Signing / verified boot options: [-k keydir] [-K dtb] [
-c <comment>]
> [-p addr] [-r] [-N engine]\n" " -k => set directory containing
> private keys\n"
> @@ -130,8 +130,9 @@ static void usage(const char *msg)
> " -o => algorithm to use for signing\n");
> #else
> fprintf(stderr,
> - "Signing / verified boot not supported
(CONFIG_FIT_SIGNATURE
> undefined)\n"); + "Signing / verified boot not supported
> (CONFIG_TOOLS_FIT_SIGNATURE undefined)\n"); #endif
> +
> fprintf(stderr, " %s -V ==> print version information and
exit\n",
> params.cmdname);
> fprintf(stderr, "Use '-T list' to see a list of available image
types\n");
More information about the U-Boot
mailing list