EXTERNAL - Host GnuTLS now needs pkcs11 support
Franz Schnyder
fra.schnyder at gmail.com
Wed Apr 8 16:16:41 CEST 2026
Hello
On Wed, Apr 08, 2026 at 08:50:41AM +0200, Wojciech Dubowik wrote:
> I could add disable compile flag in mkeficapsule if there are no objections. Sth
> like this in pkcs11 places:
>
> +#ifndef DISABLE_PKCS11
> ret = gnutls_privkey_import_pkcs11_url(pkey, ctx->key_file);
> [...]
> +#else
> + fprintf(stdout, "Pkcs11 support is disabled\n");
> + return -1;
> +#endif
>
I think it makes sense, given that some U-Boot users might not want to
have pkcs11 and deal with the dependencies.
> This way OE or possibly openwrt don't need to patch.
In any case, I've sent this patch to OE to have pkcs11 support on
the host side if it's wanted.
https://lore.kernel.org/all/20260408130553.819420-1-fra.schnyder@gmail.com/
Kind regards
Franz
More information about the U-Boot
mailing list