Host GnuTLS now needs pkcs11 support
Franz Schnyder
fra.schnyder at gmail.com
Tue Apr 7 18:15:13 CEST 2026
Hello Wojciech,
with commit 0c716a157be ("tools: mkeficapsule: Add support for pkcs11"),
mkeficapsule now references to pkcs11 related symbols.
This breaks our OE builds because it causes link failures for
configurations that build mkeficapsule when the host gnutls is
built without pkcs11 support:
```
undefined reference to `gnutls_pkcs11_obj_list_import_url4'
undefined reference to `gnutls_x509_crt_import_pkcs11'
undefined reference to `gnutls_pkcs11_init'
undefined reference to `gnutls_pkcs11_add_provider'
undefined reference to `gnutls_pkcs11_deinit'
```
On the OE side, enabling support in gnutls via p11-kit fixes the failures.
However, I wonder what the cleanest solution would be. Should this new
host requirement for pkcs11 be handled in the U-Boot OE recipe, or is
there a better way to approach this correctly?
Any ideas?
Kind regards
Franz
More information about the U-Boot
mailing list