<feed xmlns='http://www.w3.org/2005/Atom'>
<title>u-boot.git/tools/Makefile, branch v2021.10</title>
<subtitle>Unnamed repository; edit this file 'description' to name the repository.</subtitle>
<id>http://cgit.235523.xyz/u-boot.git/atom/tools/Makefile?h=v2021.10</id>
<link rel='self' href='http://cgit.235523.xyz/u-boot.git/atom/tools/Makefile?h=v2021.10'/>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/'/>
<updated>2021-07-31T07:59:58Z</updated>
<entry>
<title>tools: kwbimage: Remove v1 kwbimage SPL padding to CONFIG_SYS_U_BOOT_OFFS bytes</title>
<updated>2021-07-31T07:59:58Z</updated>
<author>
<name>Pali Rohár</name>
<email>pali@kernel.org</email>
</author>
<published>2021-07-23T09:14:31Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=ad906753c20a5bafbb6b4f34d454ed8355fa22e7'/>
<id>urn:sha1:ad906753c20a5bafbb6b4f34d454ed8355fa22e7</id>
<content type='text'>
This padding depends on board config file and therefore it makes the
mkimage binary tool board specific, which is not correct. One cannot use
mkimage tool built as a result for board A to generate images for board
B, even if both A and B are on the same platform.

This CONFIG_SYS_U_BOOT_OFFS padding was needed when kwbimage v1 contained
SPL code which loaded U-Boot proper based on CONFIG_SYS_U_BOOT_OFFS,
instead of reading correct offset from kwbimage header.

Now that SPL code parses kwbimage header and deterinate correct offset,
there is no need for this CONFIG_SYS_U_BOOT_OFFS padding anymore.

By removing it we also reduce the size of SPL code and therefore also
decrease the final size of v1 kwbimage. This means there is more space
for U-Boot proper binary.

Signed-off-by: Pali Rohár &lt;pali@kernel.org&gt;
Reviewed-by: Marek Behún &lt;marek.behun@nic.cz&gt;
Reviewed-by: Chris Packham &lt;judge.packham@gmail.com&gt;
Reviewed-by: Stefan Roese &lt;sr@denx.de&gt;
</content>
</entry>
<entry>
<title>tools: kwbimage: Do not hide usage of secure header under CONFIG_ARMADA_38X</title>
<updated>2021-07-31T07:49:31Z</updated>
<author>
<name>Pali Rohár</name>
<email>pali@kernel.org</email>
</author>
<published>2021-07-23T09:14:13Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=b4f3cc2c42d97967a3a3c8796c340f6b07ecccac'/>
<id>urn:sha1:b4f3cc2c42d97967a3a3c8796c340f6b07ecccac</id>
<content type='text'>
The mkimage host tool can be used to generate kwbimage v1 image with
secure header on host system for A38x plaform also when U-Boot is being
compiled for different platform. So there is no reason to not allow
compiling of mkimage/kwbimage with secure header support for e.g. x86-64
host.

Signed-off-by: Pali Rohár &lt;pali@kernel.org&gt;
Reviewed-by: Marek Behún &lt;marek.behun@nic.cz&gt;
Reviewed-by: Chris Packham &lt;judge.packham@gmail.com&gt;
Reviewed-by: Stefan Roese &lt;sr@denx.de&gt;
Tested-by: Chris Packham &lt;judge.packham@gmail.com&gt;
</content>
</entry>
<entry>
<title>tools: kwbimage: Fix compilation without CONFIG_SYS_U_BOOT_OFFS</title>
<updated>2021-07-31T07:49:31Z</updated>
<author>
<name>Pali Rohár</name>
<email>pali@kernel.org</email>
</author>
<published>2021-07-23T09:13:55Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=8ab9c6be690e037589a7f0305ce76b3907f9c295'/>
<id>urn:sha1:8ab9c6be690e037589a7f0305ce76b3907f9c295</id>
<content type='text'>
The CONFIG_SYS_U_BOOT_OFFS option may be defined as empty string.
In this case it causes compilation error:

    tools/kwbimage.c: In function ‘image_headersz_v1’:
    tools/kwbimage.c:1002:39: error: expected expression before ‘)’ token
      if (headersz &gt; CONFIG_SYS_U_BOOT_OFFS) {
                                           ^
    tools/kwbimage.c:1006:41: error: expected expression before ‘)’ token
        (int)headersz, CONFIG_SYS_U_BOOT_OFFS);
                                             ^
    tools/kwbimage.c:1011:35: error: expected expression before ‘;’ token
      headersz = CONFIG_SYS_U_BOOT_OFFS;
                                       ^
    make[1]: *** [scripts/Makefile.host:112: tools/kwbimage.o] Error 1
    make: *** [Makefile:1822: tools] Error 2

Check whether the value of CONFIG_SYS_U_BOOT_OFFS is really set.

Signed-off-by: Pali Rohár &lt;pali@kernel.org&gt;
Reviewed-by: Marek Behún &lt;marek.behun@nic.cz&gt;
Reviewed-by: Stefan Roese &lt;sr@denx.de&gt;
Reviewed-by: Chris Packham &lt;judge.packham@gmail.com&gt;
Tested-by: Chris Packham &lt;judge.packham@gmail.com&gt;
</content>
</entry>
<entry>
<title>tools: Use a single target-independent config to enable OpenSSL</title>
<updated>2021-07-16T19:39:29Z</updated>
<author>
<name>Alexandru Gagniuc</name>
<email>mr.nuke.me@gmail.com</email>
</author>
<published>2021-07-14T22:05:47Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=cb9faa6f98ae56d70d59505dad290dd3d381cb7b'/>
<id>urn:sha1:cb9faa6f98ae56d70d59505dad290dd3d381cb7b</id>
<content type='text'>
Host tool features, such as mkimage's ability to sign FIT images were
enabled or disabled based on the target configuration. However, this
misses the point of a target-agnostic host tool.

A target's ability to verify FIT signatures is independent of
mkimage's ability to create those signatures. In fact, u-boot's build
system doesn't sign images. The target code can be successfully built
without relying on any ability to sign such code.

Conversely, mkimage's ability to sign images does not require that
those images will only work on targets which support FIT verification.
Linking mkimage cryptographic features to target support for FIT
verification is misguided.

Without loss of generality, we can say that host features are and
should be independent of target features.

While we prefer that a host tool always supports the same feature set,
we recognize the following
  - some users prefer to build u-boot without a dependency on OpenSSL.
  - some distros prefer to ship mkimage without linking to OpenSSL

To allow these use cases, introduce a host-only Kconfig which is used
to select or deselect libcrypto support. Some mkimage features or some
host tools might not be available, but this shouldn't affect the
u-boot build.

I also considered setting the default of this config based on
FIT_SIGNATURE. While it would preserve the old behaviour it's also
contrary to the goals of this change. I decided to enable it by
default, so that the default build yields the most feature-complete
mkimage.

Signed-off-by: Alexandru Gagniuc &lt;mr.nuke.me@gmail.com&gt;
</content>
</entry>
<entry>
<title>common: Move host-only logic in image-sig.c to separate file</title>
<updated>2021-07-16T16:58:55Z</updated>
<author>
<name>Alexandru Gagniuc</name>
<email>mr.nuke.me@gmail.com</email>
</author>
<published>2021-07-14T22:05:37Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=e89660f5ec1ce9aa66df04b0c3e6a96cc342020b'/>
<id>urn:sha1:e89660f5ec1ce9aa66df04b0c3e6a96cc342020b</id>
<content type='text'>
image-sig.c is used to map a hash or crypto algorithm name to a
handler of that algorithm. There is some similarity between the host
and target variants, with the differences worked out by #ifdefs. The
purpose of this change is to remove those ifdefs.

First, copy the file to a host-only version, and remove target
specific code. Although it looks like we are duplicating code,
subsequent patches will change the way target algorithms are searched.
Besides we are only duplicating three string to struct mapping
functions. This isn't something to fuss about.

Signed-off-by: Alexandru Gagniuc &lt;mr.nuke.me@gmail.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
</entry>
<entry>
<title>lib: Add support for ECDSA image signing</title>
<updated>2021-04-14T19:06:08Z</updated>
<author>
<name>Alexandru Gagniuc</name>
<email>mr.nuke.me@gmail.com</email>
</author>
<published>2021-02-19T18:45:12Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=ed6c9e0b6668a05d62f5d1b75aecaf246ba51042'/>
<id>urn:sha1:ed6c9e0b6668a05d62f5d1b75aecaf246ba51042</id>
<content type='text'>
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc &lt;mr.nuke.me@gmail.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
</entry>
<entry>
<title>lib/rsa: Make fdt_add_bignum() available outside of RSA code</title>
<updated>2021-04-14T19:06:08Z</updated>
<author>
<name>Alexandru Gagniuc</name>
<email>mr.nuke.me@gmail.com</email>
</author>
<published>2021-02-19T18:45:11Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=4c17e5f69170bf033df7b4f1a2b87fa72f18aaf5'/>
<id>urn:sha1:4c17e5f69170bf033df7b4f1a2b87fa72f18aaf5</id>
<content type='text'>
fdt_add_bignum() is useful for algorithms other than just RSA. To
allow its use for ECDSA, move it to a common file under lib/.

The new file is suffixed with '-libcrypto' because it has a direct
dependency on openssl. This is due to the use of the "BIGNUM *" type.

Signed-off-by: Alexandru Gagniuc &lt;mr.nuke.me@gmail.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
</entry>
<entry>
<title>lib: Rename rsa-checksum.c to hash-checksum.c</title>
<updated>2021-04-14T19:06:08Z</updated>
<author>
<name>Alexandru Gagniuc</name>
<email>mr.nuke.me@gmail.com</email>
</author>
<published>2021-02-19T18:45:10Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=0bcb28dfb946b32ed7550fc4c24c5dcea6718554'/>
<id>urn:sha1:0bcb28dfb946b32ed7550fc4c24c5dcea6718554</id>
<content type='text'>
rsa-checksum.c sontains the hash_calculate() implementations. Despite
the "rsa-" file prefix, this function is useful for other algorithms.

To prevent confusion, move this file to lib/, and rename it to
hash-checksum.c, to give it a more "generic" feel.

Signed-off-by: Alexandru Gagniuc &lt;mr.nuke.me@gmail.com&gt;
Reviewed-by: Simon Glass &lt;sjg@chromium.org&gt;
</content>
</entry>
<entry>
<title>arm: mvebu: a38x: Remove dead code ARMADA_39X</title>
<updated>2021-03-12T06:44:21Z</updated>
<author>
<name>Pali Rohár</name>
<email>pali@kernel.org</email>
</author>
<published>2021-03-05T14:52:42Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=15942805b7efe47e186d8b30ec378666561ad1f9'/>
<id>urn:sha1:15942805b7efe47e186d8b30ec378666561ad1f9</id>
<content type='text'>
Config option ARMADA_39X is never set so remove all dead code hidden under
ifdef CONFIG_ARMADA_39X blocks.

Also remove useless checks for CONFIG_ARMADA_38X define as this macro is
always defined for a38x code path.

Signed-off-by: Pali Rohár &lt;pali@kernel.org&gt;
Reviewed-by: Stefan Roese &lt;sr@denx.de&gt;
</content>
</entry>
<entry>
<title>tools/Makefile: FIT_CIPHER requires libssl</title>
<updated>2021-01-22T21:17:52Z</updated>
<author>
<name>Joel Stanley</name>
<email>joel@jms.id.au</email>
</author>
<published>2020-12-08T04:12:13Z</published>
<link rel='alternate' type='text/html' href='http://cgit.235523.xyz/u-boot.git/commit/?id=5d40d5f12edac9ffccce955509f4cb4a7aa763a2'/>
<id>urn:sha1:5d40d5f12edac9ffccce955509f4cb4a7aa763a2</id>
<content type='text'>
If CONFIG_FIT_CIPHER is enabled without CONFIG_FIT_SIGNATURE then
mkimage/dumpimage will fail to link:

 /usr/bin/ld: tools/common/image-cipher.o: in function `fit_image_decrypt_data':
 image-cipher.c:(.text+0x9a): undefined reference to `image_get_host_blob'
 /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x10): undefined reference to `EVP_aes_128_cbc'
 /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x40): undefined reference to `EVP_aes_192_cbc'
 /usr/bin/ld: tools/common/image-cipher.o:(.data.rel+0x70): undefined reference to `EVP_aes_256_cbc'
 /usr/bin/ld: tools/lib/aes/aes-encrypt.o: in function `image_aes_encrypt':
 aes-encrypt.c:(.text+0x22): undefined reference to `EVP_CIPHER_CTX_new'
 /usr/bin/ld: aes-encrypt.c:(.text+0x6f): undefined reference to `EVP_EncryptInit_ex'
 /usr/bin/ld: aes-encrypt.c:(.text+0x8d): undefined reference to `EVP_EncryptUpdate'
 /usr/bin/ld: aes-encrypt.c:(.text+0xac): undefined reference to `EVP_CIPHER_CTX_free'
 /usr/bin/ld: aes-encrypt.c:(.text+0xf2): undefined reference to `EVP_EncryptFinal_ex'
 collect2: error: ld returned 1 exit status

Signed-off-by: Joel Stanley &lt;joel@jms.id.au&gt;
</content>
</entry>
</feed>
