[PATCH 0/6] Add preload_check_sign tool
Paul HENRYS
paul.henrys_ext at softathome.com
Mon Feb 24 21:07:28 CET 2025
Hi Tom,
On 24/02/2025 17:31, Tom Rini wrote:
> On Fri, Feb 21, 2025 at 11:38:18AM -0600, Tom Rini wrote:
>
>> On Wed, 12 Feb 2025 10:31:20 +0100, Paul HENRYS wrote:
>>
>>> This serie of patches adds a new tool to authenticate files signed
>>> with a preload header.
>>> This tool is also used in the tests to actually verify the
>>> authenticity of the file signed with such a preload header.
>>>
>>> Paul HENRYS (6):
>>> rsa: Add rsa_verify_openssl() to use openssl for host builds
>>> image: Add an inline declaration of unmap_sysmem()
>>> boot: Add support of the pre-load signature for host tools
>>> tools: Add preload_check_sign to authenticate images with a pre-load
>>> configs: Enable the pre-load signature in tools-only_defconfig
>>> binman: Authenticate the image when testing the preload signature
>>>
>>> [...]
>> Applied to u-boot/next, thanks!
> Unfortunately this breaks macOS building:
> https://dev.azure.com/u-boot/u-boot/_build/results?buildId=10614&view=logs&j=35eccd4a-c7e0-5052-1111-1aa0b6b36326&t=e725091b-e4d8-5b5a-ef22-f51d8214ad12
>
> And so I need to revert this from -next, sorry.
>
In the pipeline, I see you seem to be building against openssl 1.1:
/usr/local/opt/*openssl at 1.1*/include/openssl/x509.h:962:17: note:
'EVP_PKEY_get_attr' declared here
X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
OpenSSL 1.1 is deprecated and I based the implementation on OpenSSL 3
APIs. Should I update the implementation to also support OpenSSL 1.1 APIs?
Best regards,
Paul
More information about the U-Boot
mailing list