[PATCH v1] configs: socfpga: stratix10: Disable mkeficapsule tool build
Tom Rini
trini at konsulko.com
Mon Apr 13 22:23:14 CEST 2026
On Tue, Apr 07, 2026 at 12:46:32AM +0000, NG, BOON KHAI wrote:
> Hi Tom,
>
> >
> > That's a documented host dependency. We generally don't want to disable
> > general tools even if, sigh, I see a few other boards are also doing
> > this now.
> >
> > --
> > Tom
>
> Can share the link to the documentation? I tried to search tool the U-Boot
> docs.u-boot.org but cant find any document related to the host dependency
> this is only what i found https://docs.u-boot.org/en/latest/build/tools.html
> but didn't mention about mkeficapsule.
So in https://docs.u-boot.org/en/latest/build/gcc.html we list tls.
That's not to say our docs could not be improved and expanded on, but it
is there. But with that, you have a stronger point below.
> At the same time, i would like to clarify why this is more than just a missing
> host dependancy.
>
> Since SoCFPGA does not support EFI capsule updates, the automatic
> enable of CONFIG_TOOLS_MKEFICAPSULE actually not reflecting the
> actual capability of the platform.
>
> Disabling the tool explicitly in the defconfing is an accurate representation
> of this board's feature set, and this is not merely a build workaround,
>
> and, according to https://adaptivesupport.amd.com/s/question/
> 0D54U000086ca7RSAQ/toolsmkeficapsulec2110-fatal-error-
> gnutlsgnutlsh-no-such-file-or-directory?language=en_US
> installing libgnutls-dev would suppress the error,
>
> but this will leave a misleading configuration in place.
>
> I'm curious, if the intent is that the TOOLS_MKEFICAPSULE should always
> be build, perhaps the correct fix upstream would be to make the gnutls
> dependency a hard Kconfig requirement?
I've added the EFI Loader custodians to the thread as well. While I
think tools-only_defconfig needs to enable TOOLS_MKEFICAPSULE (as this
is what generic distributions should be using when building the
userspace tools for a generic case, in order to have maximally useful
tooling), I'm open to saying that it should be "default y if ..." some
other symbol that means that a given platform has in fact configured the
rest of the system to support capsule updates as, you're right. If a
board hasn't done the rest of the work to use it, the tool is not
useful.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20260413/0af076b9/attachment.sig>
More information about the U-Boot
mailing list