[PATCH v2] configs: socfpga: stratix10: Disable mkeficapsule tool build
Quentin Schulz
quentin.schulz at cherry.de
Fri May 29 14:23:34 CEST 2026
Hi Boon Khai Ng, Tom,
On 5/29/26 1:23 PM, Boon Khai Ng wrote:
> mkeficapsule tool is automatically enabled when EFI_LOADER is selected,
> which introduces a host dependency on libgnutls.
>
> This causes build failures in minimal toolchain environments where
> gnutls headers are not installed.
>
Having had a cursory look at tools/mkeficapsule.c, I think it should be
pretty straightforward (famous last words) to remove the dependency on
gnutls. See changes made in 16abff246b40 ("tools: mkeficapsule: add
firmware image signing") (lots of noise in the patch though, I'm
thinking we only need to ifdef the privkey_file && cert_file if block in
create_fwbin() (and the functions called in that block). The only issue
is to decide when to drop this dependency.
We use pkg-config to detect if the lib is available (I'm hoping that's
enough to assume the header will be available too), but if pkg-config
fails then we still default to -lgnutls, see 31a7688cbe0e ("tools:
mkeficapsule: use pkg-config to get -luuid and -lgnutls"). I'm not sure
if/why we need to keep this fallback but otherwise we could do the same
trick as for pk11 support in gnutls here
https://lore.kernel.org/u-boot/20260529110525.22822-1-Wojciech.Dubowik@mt.com/
and set a flag to ifdef the appropriate sections in the code.
> Stratix10 SoCFPGA platforms do not use UEFI capsule update workflows
> and therefore do not require mkeficapsule.
>
If you say so :)
Reviewed-by: Quentin Schulz <quentin.schulz at cherry.de>
Cheers,
Quentin
More information about the U-Boot
mailing list