[{"id":3679896,"web_url":"http://patchwork.ozlabs.org/comment/3679896/","msgid":"<5016a59a-c2b8-4676-b18e-877aabdeec27@cherry.de>","list_archive_url":null,"date":"2026-04-21T13:42:30","subject":"Re: [PATCH v3] tools: mkeficapsule: Rework pkcs11 support","submitter":{"id":88462,"url":"http://patchwork.ozlabs.org/api/people/88462/","name":"Quentin Schulz","email":"quentin.schulz@cherry.de"},"content":"Hi Wojciech,\n\nOn 4/21/26 2:14 PM, Wojciech Dubowik wrote:\n> Some distros like OpenEmbedded are using gnutls library\n> without pkcs11 support and linking of mkeficapsule will fail.\n> It would make maintenance of default configs a hurdle.\n> Add detection of pkcs11 support in gnutls so it's enabled\n> when available and doesn't need to be set explicitly.\n> \n> Changes:\n> * remove config option for pkcs11 support and add auto\n>    detection in Makefile\n> * reduce amount of ifdefs by abstracting import pkcs11\n>    functions\n> * add missing free and deinit functions\nNo, this must be a separate patch.\n\nWe also don't need a changelog between patch versions in the commit log \n(place it below the ---).\n\n> \n> Suggested-by: Tom Rini <trini@konsulko.com>\n> Cc: Franz Schnyder <fra.schnyder@gmail.com>\n> Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@mt.com>\n> ---\n> Changes in v3:\n> - remove config option for pkcs11 support and add auto\n>    detection in Makefile\n> - reduce amount of ifdefs by abstracting import pkcs11\n>    functions\n> - add missing free and deinit functions\n> Changes in v2:\n> - make use of stderr more consistent\n> - add missing ifndef around pkcs11 deinit functions\n> ---\n>   tools/Makefile       |   5 ++\n>   tools/mkeficapsule.c | 117 ++++++++++++++++++++++++++++---------------\n>   2 files changed, 81 insertions(+), 41 deletions(-)\n> \n> diff --git a/tools/Makefile b/tools/Makefile\n> index 1a5f425ecdaa..e85f5a354b81 100644\n> --- a/tools/Makefile\n> +++ b/tools/Makefile\n> 
@@ -271,6 +271,11 @@ mkeficapsule-objs := generated/lib/uuid.o \\\n>   \t$(LIBFDT_OBJS) \\\n>   \tmkeficapsule.o\n>   hostprogs-always-$(CONFIG_TOOLS_MKEFICAPSULE) += mkeficapsule\n> +GNUTLS_SUPPORTS_P11KIT = $(shell pkg-config --libs gnutls --print-requires-private \\\n> +\t\t\t 2> /dev/null | grep p11-kit-1)\n> +ifeq ($(GNUTLS_SUPPORTS_P11KIT),p11-kit-1)\n> +HOSTCFLAGS_mkeficapsule.o += -DMKEFICAPSULE_PKCS11\n> +endif\n>   \n>   include tools/fwumdata_src/fwumdata.mk\n>   \n> diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c\n> index ec640c57e8a5..747431bce8fe 100644\n> --- a/tools/mkeficapsule.c\n> +++ b/tools/mkeficapsule.c\n> 
@@ -207,6 +207,45 @@ static int write_capsule_file(FILE *f, void *data, size_t size, const char *msg)\n>   \treturn 0;\n>   }\n>   \n> +#ifdef MKEFICAPSULE_PKCS11\n> +static int import_pkcs11_crt(gnutls_x509_crt_t *x509, struct auth_context *ctx)\n> +{\n> +\tgnutls_pkcs11_obj_t *obj_list;\n> +\tunsigned int obj_list_size = 0;\n> +\tint i, ret;\n> +\n> +\tret = gnutls_pkcs11_obj_list_import_url4(&obj_list, &obj_list_size,\n> +\t\t\t\t\t\t ctx->cert_file, 0);\n> +\tif (ret < 0 || obj_list_size == 0)\n> +\t\treturn ret;\n> +\n> +\tret = gnutls_x509_crt_import_pkcs11(*x509, obj_list[0]);\n> +\n> +\tfor (i = 0; i < obj_list_size; i++)\n> +                gnutls_pkcs11_obj_deinit(obj_list[i]);\n> +\tgnutls_free(obj_list);\n> +\n> +\treturn ret;\n> +}\n> +\n> +static int import_pkcs11_key(gnutls_privkey_t *pkey, struct auth_context *ctx)\n> +{\n> +\treturn gnutls_privkey_import_pkcs11_url(*pkey, ctx->key_file);\n> +}\n> +#else\n> +static int import_pkcs11_crt(gnutls_x509_crt_t *x509, struct auth_context *ctx)\n> +{\n> +\tfprintf(stderr, \"Pkcs11 support is disabled\\n\");\n> +\treturn -1;\n> +}\n> +\n> +static int import_pkcs11_key(gnutls_privkey_t *pkey, struct auth_context *ctx)\n> +{\n> +\tfprintf(stderr, \"Pkcs11 support is disabled\\n\");\n> +\treturn -1;\n> +}\n> +#endif\n> +\n>   /**\n>    * create_auth_data - compose authentication data in capsule\n>    * @auth_context:\tPointer to authentication context\n> 
@@ -221,17 +260,14 @@ static int write_capsule_file(FILE *f, void *data, size_t size, const char *msg)\n>    */\n>   static int create_auth_data(struct auth_context *ctx)\n>   {\n> -\tgnutls_datum_t cert;\n> -\tgnutls_datum_t key;\n> +\tgnutls_datum_t cert = { NULL, 0 };\n> +\tgnutls_datum_t key = { NULL, 0 };\n>   \toff_t file_size;\n> -\tgnutls_privkey_t pkey;\n> +\tgnutls_privkey_t pkey = NULL;\n>   \tgnutls_x509_crt_t x509;\n>   \tgnutls_pkcs7_t pkcs7;\n> -\tgnutls_datum_t data;\n> -\tgnutls_datum_t signature;\n> -\tgnutls_pkcs11_obj_t *obj_list;\n> -\tunsigned int obj_list_size = 0;\n> -\tconst char *lib;\n> +\tgnutls_datum_t data = { NULL, 0 };\n> +\tgnutls_datum_t signature = { NULL, 0 };\n>   \tint ret;\n>   \tbool pkcs11_cert = false;\n>   \tbool pkcs11_key = false;\n> @@ -242,10 +278,12 @@ static int create_auth_data(struct auth_context *ctx)\n>   \tif (!strncmp(ctx->key_file, \"pkcs11:\", strlen(\"pkcs11:\")))\n>   \t\tpkcs11_key = true;\n>   \n> +#ifdef MKEFICAPSULE_PKCS11\n>   \tif (pkcs11_cert || pkcs11_key) {\n\nThis one also in a separate function. As far as I could tell, we should \nreturn -1 here if PKCS11 support isn't available in gnutls. We shouldn't \ncontinue if we already know we are going to fail. We do need the code \nbelow to be ifdef'ed (in functions like you've done is fine), because \nsomehow the compiler isn't smart enough to build those out and thus \nwe'll fail to build if pkcs11 support is disabled, even if we can never \nreach that part of the code.\n\n> +\t\tconst char *lib;\n>   \t\tlib = getenv(\"PKCS11_MODULE_PATH\");\n>   \t\tif (!lib) {\n> -\t\t\tfprintf(stdout,\n> +\t\t\tfprintf(stderr,\n>   \t\t\t\t\"PKCS11_MODULE_PATH not set in the environment\\n\");\n>   \t\t\treturn -1;\n>   \t\t}\n> 
@@ -255,10 +293,11 @@ static int create_auth_data(struct auth_context *ctx)\n>   \n>   \t\tret = gnutls_pkcs11_add_provider(lib, \"trusted\");\n>   \t\tif (ret < 0) {\n> -\t\t\tfprintf(stdout, \"Failed to add pkcs11 provider\\n\");\n> +\t\t\tfprintf(stderr, \"Failed to add pkcs11 provider\\n\");\n>   \t\t\treturn -1;\n>   \t\t}\n>   \t}\n> +#endif\n>   \n>   \tif (!pkcs11_cert) {\n>   \t\tret = read_bin_file(ctx->cert_file, &cert.data, &file_size);\n> 
@@ -296,35 +335,33 @@ static int create_auth_data(struct auth_context *ctx)\n>   \tif (ret < 0) {\n>   \t\tfprintf(stderr, \"error in gnutls_x509_crt_init(): %s\\n\",\n>   \t\t\tgnutls_strerror(ret));\n> -\t\treturn -1;\n> +\t\tgoto cleanup;\n>   \t}\n>   \n>   \t/* load x509 certificate */\n>   \tif (pkcs11_cert) {\n> -\t\tret = gnutls_pkcs11_obj_list_import_url4(&obj_list, &obj_list_size,\n> -\t\t\t\t\t\t\t ctx->cert_file, 0);\n> -\t\tif (ret < 0 || obj_list_size == 0) {\n> -\t\t\tfprintf(stdout, \"Failed to import crt_file URI objects\\n\");\n> -\t\t\treturn -1;\n> +\t\tret =  import_pkcs11_crt(&x509, ctx);\n> +\t\tif (ret < 0) {\n> +\t\t\tfprintf(stderr, \"error in import_pkcs11_crt(): %s\\n\",\n> +\t\t\t\tgnutls_strerror(ret));\n> +\t\t\tgoto cleanup;\n>   \t\t}\n> -\n> -\t\tgnutls_x509_crt_import_pkcs11(x509, obj_list[0]);\n>   \t} else {\n>   \t\tret = gnutls_x509_crt_import(x509, &cert, GNUTLS_X509_FMT_PEM);\n>   \t\tif (ret < 0) {\n>   \t\t\tfprintf(stderr, \"error in gnutls_x509_crt_import(): %s\\n\",\n>   \t\t\t\tgnutls_strerror(ret));\n> -\t\t\treturn -1;\n> +\t\t\tgoto cleanup;\n>   \t\t}\n>   \t}\n>   \n>   \t/* load a private key */\n>   \tif (pkcs11_key) {\n> -\t\tret = gnutls_privkey_import_pkcs11_url(pkey, ctx->key_file);\n> +\t\tret = import_pkcs11_key(&pkey, ctx);\n>   \t\tif (ret < 0) {\n> -\t\t\tfprintf(stderr, \"error in %d: %s\\n\", __LINE__,\n> +\t\t\tfprintf(stderr,\t\"error in import_pkcs11_key(): %s\\n\",\n>   \t\t\t\tgnutls_strerror(ret));\n> -\t\t\treturn -1;\n> +\t\t\tgoto cleanup;\n>   \t\t}\n>   \t} else {\n>   \t\tret = gnutls_privkey_import_x509_raw(pkey, &key, GNUTLS_X509_FMT_PEM,\n> @@ -333,7 +370,7 @@ static int create_auth_data(struct auth_context *ctx)\n>   \t\t\tfprintf(stderr,\n>   \t\t\t\t\"error in gnutls_privkey_import_x509_raw(): %s\\n\",\n>   \t\t\t\tgnutls_strerror(ret));\n> -\t\t\treturn -1;\n> +\t\t\tgoto cleanup;\n>   \t\t}\n>   \t}\n>   \n> 
@@ -342,7 +379,7 @@ static int create_auth_data(struct auth_context *ctx)\n>   \tif (ret < 0) {\n>   \t\tfprintf(stderr, \"error in gnutls_pkcs7_init(): %s\\n\",\n>   \t\t\tgnutls_strerror(ret));\n> -\t\treturn -1;\n> +\t\tgoto cleanup;\n>   \t}\n>   \n>   \t/* sign */\n> @@ -357,7 +394,7 @@ static int create_auth_data(struct auth_context *ctx)\n>   \tdata.data = malloc(data.size);\n>   \tif (!data.data) {\n>   \t\tfprintf(stderr, \"allocating memory (0x%x) failed\\n\", data.size);\n> -\t\treturn -1;\n> +\t\tgoto cleanup;\n>   \t}\n>   \tmemcpy(data.data, ctx->image_data, ctx->image_size);\n>   \tmemcpy(data.data + ctx->image_size, &ctx->auth.monotonic_count,\n> @@ -371,7 +408,7 @@ static int create_auth_data(struct auth_context *ctx)\n>   \tif (ret < 0) {\n>   \t\tfprintf(stderr, \"error in gnutls_pkcs7)sign(): %s\\n\",\n>   \t\t\tgnutls_strerror(ret));\n> -\t\treturn -1;\n> +\t\tgoto cleanup;\n>   \t}\n>   \n>   \t/* export */\n> @@ -379,7 +416,8 @@ static int create_auth_data(struct auth_context *ctx)\n>   \tif (ret < 0) {\n>   \t\tfprintf(stderr, \"error in gnutls_pkcs7_export2: %s\\n\",\n>   \t\t\tgnutls_strerror(ret));\n> -\t\treturn -1;\n> +\t\tgnutls_free(signature.data);\n> +\t\tgoto cleanup;\n>   \t}\n>   \tctx->sig_data = signature.data;\n>   \tctx->sig_size = signature.size;\n> 
@@ -391,24 +429,21 @@ static int create_auth_data(struct auth_context *ctx)\n>   \tctx->auth.auth_info.hdr.wCertificateType = WIN_CERT_TYPE_EFI_GUID;\n>   \tmemcpy(&ctx->auth.auth_info.cert_type, &efi_guid_cert_type_pkcs7,\n>   \t       sizeof(efi_guid_cert_type_pkcs7));\n> -\n> -\t/*\n> -\t * For better clean-ups,\n> -\t * gnutls_pkcs7_deinit(pkcs7);\n> -\t * gnutls_privkey_deinit(pkey);\n> -\t * gnutls_x509_crt_deinit(x509);\n> -\t * free(cert.data);\n> -\t * free(key.data);\n> -\t * if error\n> -\t *   gnutls_free(signature.data);\n> -\t */\n> -\n> +cleanup:\n> +\tgnutls_x509_crt_deinit(x509);\n> +\tif (pkey)\n> +                gnutls_privkey_deinit(pkey);\n> +\tgnutls_pkcs7_deinit(pkcs7);\n> +\tgnutls_free(cert.data);\n> +\tgnutls_free(key.data);\n> +\tgnutls_free(data.data);\n\nNo, this is unrelated to this pkcs11 fixup. Please have a separate patch \nfor this (same for all gotos and variables being assigned a default \nvalue at the top). The idea is that we should be able to revert a patch \nif something is broken, without reverting unrelated functionality (here, \neither the ability to build without pkcs11 or correctly freeing things \non error).\n\n> +#ifdef MKEFICAPSULE_PKCS11\n>   \tif (pkcs11_cert || pkcs11_key) {\n>   \t\tgnutls_global_deinit();\n>   \t\tgnutls_pkcs11_deinit();\n>   \t}\n> -\n> -\treturn 0;\n> +#endif\n> +\treturn ret;\n>   }\n>   \n>   /**","headers":{"Return-Path":"<u-boot-bounces@lists.denx.de>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=cherry.de header.i=@cherry.de header.a=rsa-sha256\n header.s=selector1 header.b=ftXG/9XE;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; 
receiver=patchwork.ozlabs.org)"],"Message-ID":"<5016a59a-c2b8-4676-b18e-877aabdeec27@cherry.de>","Date":"Tue, 21 Apr 2026 15:42:30 +0200","User-Agent":"Mozilla Thunderbird","Subject":"Re: [PATCH v3] tools: mkeficapsule: Rework pkcs11 support","To":"Wojciech Dubowik <Wojciech.Dubowik@mt.com>, u-boot@lists.denx.de","Cc":"Franz Schnyder <fra.schnyder@gmail.com>, trini@konsulko.com,\n \"openembedded-core @ lists . openembedded . org\"\n <openembedded-core@lists.openembedded.org>,\n Francesco Dolcini <francesco@dolcini.it>, Simon Glass <sjg@chromium.org>,\n David Lechner <dlechner@baylibre.com>","References":"<20260421121418.3257226-1-Wojciech.Dubowik@mt.com>","Content-Language":"en-US","From":"Quentin Schulz <quentin.schulz@cherry.de>","In-Reply-To":"<20260421121418.3257226-1-Wojciech.Dubowik@mt.com>","Content-Type":"text/plain; charset=UTF-8; format=flowed","Content-Transfer-Encoding":"7bit","MIME-Version":"1.0","List-Id":"U-Boot discussion <u-boot.lists.denx.de>","List-Archive":"<https://lists.denx.de/pipermail/u-boot/>","List-Post":"<mailto:u-boot@lists.denx.de>"}}]
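
Review bot: in the tools/Makefile hunk, `ifeq ($(GNUTLS_SUPPORTS_P11KIT),p11-kit-1)` compares the entire line that grep returns against the bare module name, so any extra text on that line (a version constraint after the name, for instance) makes the comparison fail and PKCS#11 support is silently compiled out. Match only the token, for example with `grep -o p11-kit-1` or `$(findstring p11-kit-1,...)`, so that a signing setup that relies on a token-backed key does not lose the feature without a build-time message.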
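
Review bot: in import_pkcs11_crt() (tools/mkeficapsule.c, hunk @@ -207,6 +207,45 @@), `if (ret < 0 || obj_list_size == 0) return ret;` returns a non-negative value when the URL matches no object, while the caller only tests `ret < 0`. The removed code printed "Failed to import crt_file URI objects" and returned -1 for the same case, so the new helper lets create_auth_data() continue to signing with an x509 handle that never had a certificate imported. Return an explicit negative error for the empty list (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE would fit the gnutls_strerror() call in the caller). The `#else` stubs return a bare -1, which the caller also passes to gnutls_strerror(), so the message printed there will not describe the real cause.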
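
Review bot: in the hunk @@ -357,7 +394,7 @@ the malloc failure path now does `goto cleanup` without setting ret, and the function ends with `return ret;`. At that point ret still holds the result of the preceding successful gnutls_pkcs7_init() check, so an allocation failure is reported to the caller as success with no signature data set in ctx. Set `ret = -1` before the goto, and check the other converted paths for the same pattern.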
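
Review bot: at the new `cleanup:` label (hunk @@ -391,24 +429,21 @@), gnutls_x509_crt_deinit(x509) and gnutls_pkcs7_deinit(pkcs7) run unconditionally, but only pkey was given a NULL initialiser; x509 and pkcs7 are still declared uninitialised. Every `goto cleanup` taken before gnutls_pkcs7_init() succeeds (including the one for a failed gnutls_x509_crt_init()) therefore passes an indeterminate handle to a deinit function. Initialise both to NULL and guard the calls the way `if (pkey)` does. The early `return -1` paths that remain ahead of the first goto also bypass this label, so cert.data and key.data read before them are still not freed there.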