[PATCH 1/1] boot: don't select non-existent CONFIG_VPL_CRYPTO
Quentin Schulz
quentin.schulz at cherry.de
Thu Feb 26 15:53:56 CET 2026
Hi Heinrich,
On 2/25/26 1:21 PM, Heinrich Schuchardt wrote:
> On 2/25/26 10:06, Heinrich Schuchardt wrote:
>> On 2/25/26 09:37, Quentin Schulz wrote:
>>> Hi Heinrich,
>>>
>>> On 2/25/26 8:37 AM, Heinrich Schuchardt wrote:
>>>> Symbol CONFIG_VPL_CRYPTO does not exist.
>>>
>>> Correct but I have a hunch this was based off of SPL_FIT_SIGNATURE
>>> which does require crypto support, so I'm assuming VPL would too.
>>>
>>> But this symbol indeed never existed, and even if it did, it wouldn't
>>> compile anything else as far as I can tell since drivers/crypto is
>>> enabled by default in proper and only if CONFIG_SPL_CRYPTO is set for
>>> SPL, and only SPL (checking for !TPL and !VPL)... so something feels
>>> unfinished with VPL here to me.
>>>
>>> I'm not sure we're improving anything there but I don't think it
>>> makes things worse, as such
>>>
>>> Fixes: 4218456b3fac ("vbe: Add Kconfig options for VPL")
>>>
>>> Reviewed-by: Quentin Schulz <quentin.schulz at cherry.de>
>>>
>>> Thanks!
>>> Quentin
>>
>> Thank you for reviewing.
>>
>> There is a symbol CONFIG_VPL_MBEDTLS_LIB_CRYPTO that might be used but
>> then VPL_FIT_SIGNATURE support would have to depend on MBEDTLS.
>>
>> Maybe Simon can inform us what his design intention was. Adding a
>> defconfig actually testing VPL_FIT_SIGNATURE would be helpful.
>>
>> Best regards
>>
>> Heinrich
>
> There are more non-existent symbols implied by VPL_FIT_SIGNATURE
>
> imply VPL_RSA
> imply VPL_RSA_VERIFY
>
> @Tom
> I wonder why the VPL feature was suggested if it was never tested or
> used. Should we remove all of VPL?
>
As far as I remember, VPL was a necessary step to add support for VBE
(Verified Boot for Embedded) that Simon was working on. I don't think it
got realized entirely (upstream I mean) which may explain the current
state of VPL symbols.
Cheers,
Quentin
More information about the U-Boot
mailing list