[v2,16/50] image: Add Kconfig options for FIT in the host build

In preparation for enabling CONFIG_IS_ENABLED() on the host build, add
some options to enable the various FIT options expected in these tools.
This will ensure that the code builds correctly when CONFIG_HOST_xxx
is distinct from CONFIG_xxx.

Signed-off-by: Simon Glass <sjg@chromium.org>
---

(no changes since v1)

 common/image-fit-sig.c |  3 ++-
 common/image-fit.c     |  4 ++--
 tools/Kconfig          | 25 +++++++++++++++++++++++++
 tools/Makefile         | 18 +++++++++---------
 4 files changed, 38 insertions(+), 12 deletions(-)

On 5/6/21 9:24 AM, Simon Glass wrote:
> In preparation for enabling CONFIG_IS_ENABLED() on the host build, add
> some options to enable the various FIT options expected in these tools.
> This will ensure that the code builds correctly when CONFIG_HOST_xxx
> is distinct from CONFIG_xxx.
> 
> Signed-off-by: Simon Glass <sjg@chromium.org>

Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

This makes me wonder whether we should just always enable host features. 
Right now, each defconfig can have a different mkimage config. So we 
should really have mkimage-imx8, mkimage-stm32mp, etc, which support 
different feature sets. This doesn't make much sense.

The alternative is to get rid of all these configs and always enable 
mkimage features. The disadvantage is that we'd require openssl for 
building target code.

A second alternative is to have a mkimage-nossl that gets built and used 
when openssl isn't available. It's really just openssl that causes such 
a schism.

Alex

> ---
> 
> (no changes since v1)
> 
>   common/image-fit-sig.c |  3 ++-
>   common/image-fit.c     |  4 ++--
>   tools/Kconfig          | 25 +++++++++++++++++++++++++
>   tools/Makefile         | 18 +++++++++---------
>   4 files changed, 38 insertions(+), 12 deletions(-)
> 
> diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c
> index 55ddf1879ed..12a6745c642 100644
> --- a/common/image-fit-sig.c
> +++ b/common/image-fit-sig.c
> @@ -72,11 +72,12 @@ static int fit_image_setup_verify(struct image_sign_info *info,
>   	char *algo_name;
>   	const char *padding_name;
>   
> +#ifndef USE_HOSTCC
>   	if (fdt_totalsize(fit) > CONFIG_FIT_SIGNATURE_MAX_SIZE) {
>   		*err_msgp = "Total size too large";
>   		return 1;
>   	}
> -
> +#endif
>   	if (fit_image_hash_get_algo(fit, noffset, &algo_name)) {
>   		*err_msgp = "Can't get hash algo property";
>   		return -1;
> diff --git a/common/image-fit.c b/common/image-fit.c
> index e614643fe39..a16e2dd54a5 100644
> --- a/common/image-fit.c
> +++ b/common/image-fit.c
> @@ -165,7 +165,7 @@ int fit_get_subimage_count(const void *fit, int images_noffset)
>   	return count;
>   }
>   
> -#if CONFIG_IS_ENABLED(FIT_PRINT) || CONFIG_IS_ENABLED(SPL_FIT_PRINT)
> +#if CONFIG_IS_ENABLED(FIT_PRINT)
>   /**
>    * fit_image_print_data() - prints out the hash node details
>    * @fit: pointer to the FIT format image header
> @@ -573,7 +573,7 @@ void fit_image_print(const void *fit, int image_noffset, const char *p)
>   #else
>   void fit_print_contents(const void *fit) { }
>   void fit_image_print(const void *fit, int image_noffset, const char *p) { }
> -#endif /* CONFIG_IS_ENABLED(FIR_PRINT) || CONFIG_IS_ENABLED(SPL_FIT_PRINT) */
> +#endif /* CONFIG_IS_ENABLED(FIT_PRINT) */
>   
>   /**
>    * fit_get_desc - get node description property
> diff --git a/tools/Kconfig b/tools/Kconfig
> index b2f5012240c..f00ab661135 100644
> --- a/tools/Kconfig
> +++ b/tools/Kconfig
> @@ -9,4 +9,29 @@ config MKIMAGE_DTC_PATH
>   	  some cases the system dtc may not support all required features
>   	  and the path to a different version should be given here.
>   
> +config HOST_FIT
> +	def_bool y
> +	help
> +	  Enable FIT support in the host build.

Don't we always want to enable this for mkimage?

> +
> +config HOST_FIT_FULL_CHECK
> +	def_bool y
> +	help
> +	  Do a full check of the FIT before using it in the host build

How would this be used? FIT vs FIT_FULL is mostly an SPL distinction. I 
don't think we should have it in host tools.

> +
> +config HOST_FIT_PRINT
> +	def_bool y
> +	help
> +	  Print the content of the FIT verbosely in the host build

This option also doesn't make sense.This seems to do what 'mkimage -l' 
already supports.

> +
> +config HOST_FIT_SIGNATURE
> +	def_bool y
> +	help
> +	  Enable signature verification of FIT uImages in the host build

s/verification/signing and verification/

> +
> +config HOST_FIT_SIGNATURE_MAX_SIZE
> +	hex
> +	depends on HOST_FIT_SIGNATURE
> +	default 0x10000000
> +

The only use of FIT_SIGNATURE_MAX_SIZE is under "#ifndef USE_HOSTCC". So 
this wouldn't make any sense for the host.

>   endmenu
> diff --git a/tools/Makefile b/tools/Makefile
> index 2b4bc547abd..d143198f7c9 100644
> --- a/tools/Makefile
> +++ b/tools/Makefile
> @@ -53,12 +53,12 @@ hostprogs-y += mkenvimage
>   mkenvimage-objs := mkenvimage.o os_support.o lib/crc32.o
>   
>   hostprogs-y += dumpimage mkimage
> -hostprogs-$(CONFIG_FIT_SIGNATURE) += fit_info fit_check_sign
> +hostprogs-$(CONFIG_HOST_FIT_SIGNATURE) += fit_info fit_check_sign
>   
>   hostprogs-$(CONFIG_CMD_BOOTEFI_SELFTEST) += file2include
>   
> -FIT_OBJS-$(CONFIG_FIT) := fit_common.o fit_image.o image-host.o common/image-fit.o
> -FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := common/image-sig.o common/image-fit-sig.o
> +FIT_OBJS-$(CONFIG_HOST_FIT) := fit_common.o fit_image.o image-host.o common/image-fit.o
> +FIT_SIG_OBJS-$(CONFIG_HOST_FIT_SIGNATURE) := common/image-sig.o common/image-fit-sig.o
>   FIT_CIPHER_OBJS-$(CONFIG_FIT_CIPHER) := common/image-cipher.o
>   
>   # The following files are synced with upstream DTC.
> @@ -66,17 +66,17 @@ FIT_CIPHER_OBJS-$(CONFIG_FIT_CIPHER) := common/image-cipher.o
>   LIBFDT_OBJS := $(addprefix libfdt/, fdt.o fdt_ro.o fdt_wip.o fdt_sw.o fdt_rw.o \
>   		fdt_strerror.o fdt_empty_tree.o fdt_addresses.o fdt_overlay.o)
>   
> -RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/rsa/, \
> +RSA_OBJS-$(CONFIG_HOST_FIT_SIGNATURE) := $(addprefix lib/rsa/, \
>   					rsa-sign.o rsa-verify.o \
>   					rsa-mod-exp.o)
>   
> -ECDSA_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/ecdsa/, ecdsa-libcrypto.o)
> +ECDSA_OBJS-$(CONFIG_HOST_FIT_SIGNATURE) := $(addprefix lib/ecdsa/, ecdsa-libcrypto.o)
>   
>   AES_OBJS-$(CONFIG_FIT_CIPHER) := $(addprefix lib/aes/, \
>   					aes-encrypt.o aes-decrypt.o)
>   
>   # Cryptographic helpers that depend on openssl/libcrypto
> -LIBCRYPTO_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/, \
> +LIBCRYPTO_OBJS-$(CONFIG_HOST_FIT_SIGNATURE) := $(addprefix lib/, \
>   					fdt-libcrypto.o)
>   
>   ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o
> @@ -137,13 +137,13 @@ fit_info-objs   := $(dumpimage-mkimage-objs) fit_info.o
>   fit_check_sign-objs   := $(dumpimage-mkimage-objs) fit_check_sign.o
>   file2include-objs := file2include.o
>   
> -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_FIT_SIGNATURE),)
> +ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_HOST_FIT_SIGNATURE),)
>   # Add CONFIG_MXS into host CFLAGS, so we can check whether or not register
>   # the mxsimage support within tools/mxsimage.c .
>   HOSTCFLAGS_mxsimage.o += -DCONFIG_MXS
>   endif
>   
> -ifdef CONFIG_FIT_SIGNATURE
> +ifdef CONFIG_HOST_FIT_SIGNATURE
>   # This affects include/image.h, but including the board config file
>   # is tricky, so manually define this options here.
>   HOST_EXTRACFLAGS	+= -DCONFIG_FIT_SIGNATURE
> @@ -165,7 +165,7 @@ HOSTCFLAGS_kwbimage.o += -DCONFIG_KWB_SECURE
>   endif
>   
>   # MXSImage needs LibSSL
> -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_FIT_SIGNATURE)$(CONFIG_FIT_CIPHER),)
> +ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_HOST_FIT_SIGNATURE)$(CONFIG_FIT_CIPHER),)
>   HOSTCFLAGS_kwbimage.o += \
>   	$(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "")
>   HOSTLDLIBS_mkimage += \
>

On Tue, May 11, 2021 at 02:57:03PM -0500, Alex G. wrote:
> On 5/6/21 9:24 AM, Simon Glass wrote:
> > In preparation for enabling CONFIG_IS_ENABLED() on the host build, add
> > some options to enable the various FIT options expected in these tools.
> > This will ensure that the code builds correctly when CONFIG_HOST_xxx
> > is distinct from CONFIG_xxx.
> > 
> > Signed-off-by: Simon Glass <sjg@chromium.org>
> 
> Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
> 
> This makes me wonder whether we should just always enable host features.
> Right now, each defconfig can have a different mkimage config. So we should
> really have mkimage-imx8, mkimage-stm32mp, etc, which support different
> feature sets. This doesn't make much sense.
> 
> The alternative is to get rid of all these configs and always enable mkimage
> features. The disadvantage is that we'd require openssl for building target
> code.
> 
> A second alternative is to have a mkimage-nossl that gets built and used
> when openssl isn't available. It's really just openssl that causes such a
> schism.

It would probably be best to have a single mkimage for everyone, with
everything on.  But before then we really need to move from openssl to
gnutls or some other library that's compatible as it's been raised
before that linking with openssl like we do is a license violation I
believe.

On 5/11/21 5:34 PM, Tom Rini wrote:
> On Tue, May 11, 2021 at 02:57:03PM -0500, Alex G. wrote:
>> On 5/6/21 9:24 AM, Simon Glass wrote:
>>> In preparation for enabling CONFIG_IS_ENABLED() on the host build, add
>>> some options to enable the various FIT options expected in these tools.
>>> This will ensure that the code builds correctly when CONFIG_HOST_xxx
>>> is distinct from CONFIG_xxx.
>>>
>>> Signed-off-by: Simon Glass <sjg@chromium.org>
>>
>> Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
>>
>> This makes me wonder whether we should just always enable host features.
>> Right now, each defconfig can have a different mkimage config. So we should
>> really have mkimage-imx8, mkimage-stm32mp, etc, which support different
>> feature sets. This doesn't make much sense.
>>
>> The alternative is to get rid of all these configs and always enable mkimage
>> features. The disadvantage is that we'd require openssl for building target
>> code.
>>
>> A second alternative is to have a mkimage-nossl that gets built and used
>> when openssl isn't available. It's really just openssl that causes such a
>> schism.
> 
> It would probably be best to have a single mkimage for everyone, with
> everything on.  But before then we really need to move from openssl to
> gnutls or some other library that's compatible as it's been raised
> before that linking with openssl like we do is a license violation I
> believe.

How about the former alternative for now? i.e. compile mkimage with or 
without openssl, and have that be the only host side switch.

Alex

On Tue, May 11, 2021 at 07:50:38PM -0500, Alex G. wrote:
> On 5/11/21 5:34 PM, Tom Rini wrote:
> > On Tue, May 11, 2021 at 02:57:03PM -0500, Alex G. wrote:
> > > On 5/6/21 9:24 AM, Simon Glass wrote:
> > > > In preparation for enabling CONFIG_IS_ENABLED() on the host build, add
> > > > some options to enable the various FIT options expected in these tools.
> > > > This will ensure that the code builds correctly when CONFIG_HOST_xxx
> > > > is distinct from CONFIG_xxx.
> > > > 
> > > > Signed-off-by: Simon Glass <sjg@chromium.org>
> > > 
> > > Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
> > > 
> > > This makes me wonder whether we should just always enable host features.
> > > Right now, each defconfig can have a different mkimage config. So we should
> > > really have mkimage-imx8, mkimage-stm32mp, etc, which support different
> > > feature sets. This doesn't make much sense.
> > > 
> > > The alternative is to get rid of all these configs and always enable mkimage
> > > features. The disadvantage is that we'd require openssl for building target
> > > code.
> > > 
> > > A second alternative is to have a mkimage-nossl that gets built and used
> > > when openssl isn't available. It's really just openssl that causes such a
> > > schism.
> > 
> > It would probably be best to have a single mkimage for everyone, with
> > everything on.  But before then we really need to move from openssl to
> > gnutls or some other library that's compatible as it's been raised
> > before that linking with openssl like we do is a license violation I
> > believe.
> 
> How about the former alternative for now? i.e. compile mkimage with or
> without openssl, and have that be the only host side switch.

That would be a step in the right direction, yeah.

Hi Alex,

On Tue, 11 May 2021 at 13:57, Alex G. <mr.nuke.me@gmail.com> wrote:
>
> On 5/6/21 9:24 AM, Simon Glass wrote:
> > In preparation for enabling CONFIG_IS_ENABLED() on the host build, add
> > some options to enable the various FIT options expected in these tools.
> > This will ensure that the code builds correctly when CONFIG_HOST_xxx
> > is distinct from CONFIG_xxx.
> >
> > Signed-off-by: Simon Glass <sjg@chromium.org>
>
> Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
>
> This makes me wonder whether we should just always enable host features.
> Right now, each defconfig can have a different mkimage config. So we
> should really have mkimage-imx8, mkimage-stm32mp, etc, which support
> different feature sets. This doesn't make much sense.

My intent is that we enable all features in host tools. For
distributions they build the tools-only config and make things work
that way. But perhaps we could avoid building the tools, or do it
separately, if there were no different between boards.

>
> The alternative is to get rid of all these configs and always enable
> mkimage features. The disadvantage is that we'd require openssl for
> building target code.
>
> A second alternative is to have a mkimage-nossl that gets built and used
> when openssl isn't available. It's really just openssl that causes such
> a schism.

Why is openssl such a problem?

>
> Alex
>
> > ---
> >
> > (no changes since v1)
> >
> >   common/image-fit-sig.c |  3 ++-
> >   common/image-fit.c     |  4 ++--
> >   tools/Kconfig          | 25 +++++++++++++++++++++++++
> >   tools/Makefile         | 18 +++++++++---------
> >   4 files changed, 38 insertions(+), 12 deletions(-)
> >
> > diff --git a/common/image-fit-sig.c b/common/image-fit-sig.c
> > index 55ddf1879ed..12a6745c642 100644
> > --- a/common/image-fit-sig.c
> > +++ b/common/image-fit-sig.c
> > @@ -72,11 +72,12 @@ static int fit_image_setup_verify(struct image_sign_info *info,
> >       char *algo_name;
> >       const char *padding_name;
> >
> > +#ifndef USE_HOSTCC
> >       if (fdt_totalsize(fit) > CONFIG_FIT_SIGNATURE_MAX_SIZE) {
> >               *err_msgp = "Total size too large";
> >               return 1;
> >       }
> > -
> > +#endif
> >       if (fit_image_hash_get_algo(fit, noffset, &algo_name)) {
> >               *err_msgp = "Can't get hash algo property";
> >               return -1;
> > diff --git a/common/image-fit.c b/common/image-fit.c
> > index e614643fe39..a16e2dd54a5 100644
> > --- a/common/image-fit.c
> > +++ b/common/image-fit.c
> > @@ -165,7 +165,7 @@ int fit_get_subimage_count(const void *fit, int images_noffset)
> >       return count;
> >   }
> >
> > -#if CONFIG_IS_ENABLED(FIT_PRINT) || CONFIG_IS_ENABLED(SPL_FIT_PRINT)
> > +#if CONFIG_IS_ENABLED(FIT_PRINT)
> >   /**
> >    * fit_image_print_data() - prints out the hash node details
> >    * @fit: pointer to the FIT format image header
> > @@ -573,7 +573,7 @@ void fit_image_print(const void *fit, int image_noffset, const char *p)
> >   #else
> >   void fit_print_contents(const void *fit) { }
> >   void fit_image_print(const void *fit, int image_noffset, const char *p) { }
> > -#endif /* CONFIG_IS_ENABLED(FIR_PRINT) || CONFIG_IS_ENABLED(SPL_FIT_PRINT) */
> > +#endif /* CONFIG_IS_ENABLED(FIT_PRINT) */
> >
> >   /**
> >    * fit_get_desc - get node description property
> > diff --git a/tools/Kconfig b/tools/Kconfig
> > index b2f5012240c..f00ab661135 100644
> > --- a/tools/Kconfig
> > +++ b/tools/Kconfig
> > @@ -9,4 +9,29 @@ config MKIMAGE_DTC_PATH
> >         some cases the system dtc may not support all required features
> >         and the path to a different version should be given here.
> >
> > +config HOST_FIT
> > +     def_bool y
> > +     help
> > +       Enable FIT support in the host build.
>
> Don't we always want to enable this for mkimage?

Yes, that's right.

>
> > +
> > +config HOST_FIT_FULL_CHECK
> > +     def_bool y
> > +     help
> > +       Do a full check of the FIT before using it in the host build
>
> How would this be used? FIT vs FIT_FULL is mostly an SPL distinction. I
> don't think we should have it in host tools.

It allows us to use CONFIG_IS_ENABLED() everywhere, including in code
built as part of host tools. In fact that is the main purpose of this
series.

>
> > +
> > +config HOST_FIT_PRINT
> > +     def_bool y
> > +     help
> > +       Print the content of the FIT verbosely in the host build
>
> This option also doesn't make sense.This seems to do what 'mkimage -l'
> already supports.

Are you sure you have looked at the goal of the CONFIG_IS_ENABLED()
changes? This is here purely to avoid #ifdefs in the share code.

>
> > +
> > +config HOST_FIT_SIGNATURE
> > +     def_bool y
> > +     help
> > +       Enable signature verification of FIT uImages in the host build
>
> s/verification/signing and verification/

OK, yes it does control that in the tools, by virtue of tools/Makefile

>
> > +
> > +config HOST_FIT_SIGNATURE_MAX_SIZE
> > +     hex
> > +     depends on HOST_FIT_SIGNATURE
> > +     default 0x10000000
> > +
>
> The only use of FIT_SIGNATURE_MAX_SIZE is under "#ifndef USE_HOSTCC". So
> this wouldn't make any sense for the host.

This is used in fit_image_setup_verify() which is build by tools.

[..]

Regards,
Simon

On 5/12/21 9:51 AM, Simon Glass wrote:
> Hi Alex,
> 
> On Tue, 11 May 2021 at 13:57, Alex G. <mr.nuke.me@gmail.com> wrote:
>>
>> On 5/6/21 9:24 AM, Simon Glass wrote:

[snip]

>>
>>> +
>>> +config HOST_FIT_PRINT
>>> +     def_bool y
>>> +     help
>>> +       Print the content of the FIT verbosely in the host build
>>
>> This option also doesn't make sense.This seems to do what 'mkimage -l'
>> already supports.
> 
> Are you sure you have looked at the goal of the CONFIG_IS_ENABLED()
> changes? This is here purely to avoid #ifdefs in the share code.

On the one hand, we have the cosmetic inconvenience caused by #ifdefs. 
On the other hand we have the config system. To most users, the config 
system is likely more visible, while it's mostly developers who will 
ever see the ifdefs.

Therefore, in order to get the developer convenience of less ifdefs, we 
have to sacrifice user convenience by cloberring the Kconfig options. I 
think this is back-to-front.

Can we reduce the host config count to just SLL/NOSSL?

Alex

Hi,

On Tue, 11 May 2021 at 19:10, Tom Rini <trini@konsulko.com> wrote:
>
> On Tue, May 11, 2021 at 07:50:38PM -0500, Alex G. wrote:
> > On 5/11/21 5:34 PM, Tom Rini wrote:
> > > On Tue, May 11, 2021 at 02:57:03PM -0500, Alex G. wrote:
> > > > On 5/6/21 9:24 AM, Simon Glass wrote:
> > > > > In preparation for enabling CONFIG_IS_ENABLED() on the host build, add
> > > > > some options to enable the various FIT options expected in these tools.
> > > > > This will ensure that the code builds correctly when CONFIG_HOST_xxx
> > > > > is distinct from CONFIG_xxx.
> > > > >
> > > > > Signed-off-by: Simon Glass <sjg@chromium.org>
> > > >
> > > > Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
> > > >
> > > > This makes me wonder whether we should just always enable host features.
> > > > Right now, each defconfig can have a different mkimage config. So we should
> > > > really have mkimage-imx8, mkimage-stm32mp, etc, which support different
> > > > feature sets. This doesn't make much sense.
> > > >
> > > > The alternative is to get rid of all these configs and always enable mkimage
> > > > features. The disadvantage is that we'd require openssl for building target
> > > > code.
> > > >
> > > > A second alternative is to have a mkimage-nossl that gets built and used
> > > > when openssl isn't available. It's really just openssl that causes such a
> > > > schism.
> > >
> > > It would probably be best to have a single mkimage for everyone, with
> > > everything on.  But before then we really need to move from openssl to
> > > gnutls or some other library that's compatible as it's been raised
> > > before that linking with openssl like we do is a license violation I
> > > believe.
> >
> > How about the former alternative for now? i.e. compile mkimage with or
> > without openssl, and have that be the only host side switch.
>
> That would be a step in the right direction, yeah.

We have a NO_SDL build-time control. Perhaps have a NO_SSL one as well?

Regards,
Simon

Hi Alex,

On Wed, 12 May 2021 at 09:48, Alex G. <mr.nuke.me@gmail.com> wrote:
>
>
>
> On 5/12/21 9:51 AM, Simon Glass wrote:
> > Hi Alex,
> >
> > On Tue, 11 May 2021 at 13:57, Alex G. <mr.nuke.me@gmail.com> wrote:
> >>
> >> On 5/6/21 9:24 AM, Simon Glass wrote:
>
> [snip]
>
> >>
> >>> +
> >>> +config HOST_FIT_PRINT
> >>> +     def_bool y
> >>> +     help
> >>> +       Print the content of the FIT verbosely in the host build
> >>
> >> This option also doesn't make sense.This seems to do what 'mkimage -l'
> >> already supports.
> >
> > Are you sure you have looked at the goal of the CONFIG_IS_ENABLED()
> > changes? This is here purely to avoid #ifdefs in the share code.
>
> On the one hand, we have the cosmetic inconvenience caused by #ifdefs.
> On the other hand we have the config system. To most users, the config
> system is likely more visible, while it's mostly developers who will
> ever see the ifdefs.
>
> Therefore, in order to get the developer convenience of less ifdefs, we
> have to sacrifice user convenience by cloberring the Kconfig options. I
> think this is back-to-front.

These Kconfig options are not visible to users. They cannot be updated
in defconfig, nor in 'make menuconfig', etc. They are purely there for
the build system.

>
> Can we reduce the host config count to just SLL/NOSSL?

The point here is that the code has a special case for host builds,
and this is a means to remove that special case and make the code
easier to maintain and follow.

Regards,
Simon

On 5/12/21 10:54 AM, Simon Glass wrote:
> Hi Alex,
> 
> On Wed, 12 May 2021 at 09:48, Alex G. <mr.nuke.me@gmail.com> wrote:
>>
>>
>>
>> On 5/12/21 9:51 AM, Simon Glass wrote:
>>> Hi Alex,
>>>
>>> On Tue, 11 May 2021 at 13:57, Alex G. <mr.nuke.me@gmail.com> wrote:
>>>>
>>>> On 5/6/21 9:24 AM, Simon Glass wrote:
>>
>> [snip]
>>
>>>>
>>>>> +
>>>>> +config HOST_FIT_PRINT
>>>>> +     def_bool y
>>>>> +     help
>>>>> +       Print the content of the FIT verbosely in the host build
>>>>
>>>> This option also doesn't make sense.This seems to do what 'mkimage -l'
>>>> already supports.
>>>
>>> Are you sure you have looked at the goal of the CONFIG_IS_ENABLED()
>>> changes? This is here purely to avoid #ifdefs in the share code.
>>
>> On the one hand, we have the cosmetic inconvenience caused by #ifdefs.
>> On the other hand we have the config system. To most users, the config
>> system is likely more visible, while it's mostly developers who will
>> ever see the ifdefs.
>>
>> Therefore, in order to get the developer convenience of less ifdefs, we
>> have to sacrifice user convenience by cloberring the Kconfig options. I
>> think this is back-to-front.
> 
> These Kconfig options are not visible to users. They cannot be updated
> in defconfig, nor in 'make menuconfig', etc. They are purely there for
> the build system.
> 
>>
>> Can we reduce the host config count to just SLL/NOSSL?
> 
> The point here is that the code has a special case for host builds,
> and this is a means to remove that special case and make the code
> easier to maintain and follow.

I understand where you're coming from. Without these changes, the code 
knows what it should and should not do, correct? My argument is that if 
the code has the logic to do the correct thing, that logic should not be 
split with the config system.

I agree with the goal of reducing clutter in the source code. I disagree 
with this specific course of fixing it. Instead, I propose a single 
kconfig for host tools for SSL on/off.

The disadvantage of my proposal is that we have to refactor the common 
code in a way consistent with the goals, instead of just changing some 
#ifdefs to if(CONFIG_IS_ENABLED()). I admit that, off the top of my 
head, I don't have a detailed plan on how to achieve this.

Alex

On 5/12/21 10:52 AM, Simon Glass wrote:
> Hi,
> 
> On Tue, 11 May 2021 at 19:10, Tom Rini <trini@konsulko.com> wrote:
>>
>> On Tue, May 11, 2021 at 07:50:38PM -0500, Alex G. wrote:
>>> On 5/11/21 5:34 PM, Tom Rini wrote:
>>>> On Tue, May 11, 2021 at 02:57:03PM -0500, Alex G. wrote:
>>>>> On 5/6/21 9:24 AM, Simon Glass wrote:
>>>>>> In preparation for enabling CONFIG_IS_ENABLED() on the host build, add
>>>>>> some options to enable the various FIT options expected in these tools.
>>>>>> This will ensure that the code builds correctly when CONFIG_HOST_xxx
>>>>>> is distinct from CONFIG_xxx.
>>>>>>
>>>>>> Signed-off-by: Simon Glass <sjg@chromium.org>
>>>>>
>>>>> Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
>>>>>
>>>>> This makes me wonder whether we should just always enable host features.
>>>>> Right now, each defconfig can have a different mkimage config. So we should
>>>>> really have mkimage-imx8, mkimage-stm32mp, etc, which support different
>>>>> feature sets. This doesn't make much sense.
>>>>>
>>>>> The alternative is to get rid of all these configs and always enable mkimage
>>>>> features. The disadvantage is that we'd require openssl for building target
>>>>> code.
>>>>>
>>>>> A second alternative is to have a mkimage-nossl that gets built and used
>>>>> when openssl isn't available. It's really just openssl that causes such a
>>>>> schism.
>>>>
>>>> It would probably be best to have a single mkimage for everyone, with
>>>> everything on.  But before then we really need to move from openssl to
>>>> gnutls or some other library that's compatible as it's been raised
>>>> before that linking with openssl like we do is a license violation I
>>>> believe.
>>>
>>> How about the former alternative for now? i.e. compile mkimage with or
>>> without openssl, and have that be the only host side switch.
>>
>> That would be a step in the right direction, yeah.
> 
> We have a NO_SDL build-time control. Perhaps have a NO_SSL one as well?

It could be a config option instead of an environment variable. I think 
it can be independent of target options, since we don't sign images in 
the buildsystem anyway -- we can enable FIT verification, but mkimage 
without openssl.

Alex

On Wed, May 12, 2021 at 11:19:52AM -0500, Alex G. wrote:
> 
> 
> On 5/12/21 10:52 AM, Simon Glass wrote:
> > Hi,
> > 
> > On Tue, 11 May 2021 at 19:10, Tom Rini <trini@konsulko.com> wrote:
> > > 
> > > On Tue, May 11, 2021 at 07:50:38PM -0500, Alex G. wrote:
> > > > On 5/11/21 5:34 PM, Tom Rini wrote:
> > > > > On Tue, May 11, 2021 at 02:57:03PM -0500, Alex G. wrote:
> > > > > > On 5/6/21 9:24 AM, Simon Glass wrote:
> > > > > > > In preparation for enabling CONFIG_IS_ENABLED() on the host build, add
> > > > > > > some options to enable the various FIT options expected in these tools.
> > > > > > > This will ensure that the code builds correctly when CONFIG_HOST_xxx
> > > > > > > is distinct from CONFIG_xxx.
> > > > > > > 
> > > > > > > Signed-off-by: Simon Glass <sjg@chromium.org>
> > > > > > 
> > > > > > Reviewed-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
> > > > > > 
> > > > > > This makes me wonder whether we should just always enable host features.
> > > > > > Right now, each defconfig can have a different mkimage config. So we should
> > > > > > really have mkimage-imx8, mkimage-stm32mp, etc, which support different
> > > > > > feature sets. This doesn't make much sense.
> > > > > > 
> > > > > > The alternative is to get rid of all these configs and always enable mkimage
> > > > > > features. The disadvantage is that we'd require openssl for building target
> > > > > > code.
> > > > > > 
> > > > > > A second alternative is to have a mkimage-nossl that gets built and used
> > > > > > when openssl isn't available. It's really just openssl that causes such a
> > > > > > schism.
> > > > > 
> > > > > It would probably be best to have a single mkimage for everyone, with
> > > > > everything on.  But before then we really need to move from openssl to
> > > > > gnutls or some other library that's compatible as it's been raised
> > > > > before that linking with openssl like we do is a license violation I
> > > > > believe.
> > > > 
> > > > How about the former alternative for now? i.e. compile mkimage with or
> > > > without openssl, and have that be the only host side switch.
> > > 
> > > That would be a step in the right direction, yeah.
> > 
> > We have a NO_SDL build-time control. Perhaps have a NO_SSL one as well?
> 
> It could be a config option instead of an environment variable. I think it
> can be independent of target options, since we don't sign images in the
> buildsystem anyway -- we can enable FIT verification, but mkimage without
> openssl.

As people point out from time to time, "NO_SDL" is very non-obvious and
doesn't fit with how the rest of U-Boot is configured.  So I would
rather not see NO_SSL added.  Frankly, given everything else that's
needed to build today, I don't think just enabling the support for
verified boot in mkimage by default and making it a bit odd to turn off
is a problem.  But given:
https://lists.denx.de/pipermail/u-boot/2017-December/313742.html
I would really like to see the switch to gnutls or some other clearly
compatibly licensed library first.

Hi Alex,

On Wed, 12 May 2021 at 10:18, Alex G. <mr.nuke.me@gmail.com> wrote:
>
>
>
> On 5/12/21 10:54 AM, Simon Glass wrote:
> > Hi Alex,
> >
> > On Wed, 12 May 2021 at 09:48, Alex G. <mr.nuke.me@gmail.com> wrote:
> >>
> >>
> >>
> >> On 5/12/21 9:51 AM, Simon Glass wrote:
> >>> Hi Alex,
> >>>
> >>> On Tue, 11 May 2021 at 13:57, Alex G. <mr.nuke.me@gmail.com> wrote:
> >>>>
> >>>> On 5/6/21 9:24 AM, Simon Glass wrote:
> >>
> >> [snip]
> >>
> >>>>
> >>>>> +
> >>>>> +config HOST_FIT_PRINT
> >>>>> +     def_bool y
> >>>>> +     help
> >>>>> +       Print the content of the FIT verbosely in the host build
> >>>>
> >>>> This option also doesn't make sense.This seems to do what 'mkimage -l'
> >>>> already supports.
> >>>
> >>> Are you sure you have looked at the goal of the CONFIG_IS_ENABLED()
> >>> changes? This is here purely to avoid #ifdefs in the share code.
> >>
> >> On the one hand, we have the cosmetic inconvenience caused by #ifdefs.
> >> On the other hand we have the config system. To most users, the config
> >> system is likely more visible, while it's mostly developers who will
> >> ever see the ifdefs.
> >>
> >> Therefore, in order to get the developer convenience of less ifdefs, we
> >> have to sacrifice user convenience by cloberring the Kconfig options. I
> >> think this is back-to-front.
> >
> > These Kconfig options are not visible to users. They cannot be updated
> > in defconfig, nor in 'make menuconfig', etc. They are purely there for
> > the build system.
> >
> >>
> >> Can we reduce the host config count to just SLL/NOSSL?
> >
> > The point here is that the code has a special case for host builds,
> > and this is a means to remove that special case and make the code
> > easier to maintain and follow.
>
> I understand where you're coming from. Without these changes, the code
> knows what it should and should not do, correct? My argument is that if
> the code has the logic to do the correct thing, that logic should not be
> split with the config system.
>
> I agree with the goal of reducing clutter in the source code. I disagree
> with this specific course of fixing it. Instead, I propose a single
> kconfig for host tools for SSL on/off.
>
> The disadvantage of my proposal is that we have to refactor the common
> code in a way consistent with the goals, instead of just changing some
> #ifdefs to if(CONFIG_IS_ENABLED()). I admit that, off the top of my
> head, I don't have a detailed plan on how to achieve this.

You are mostly describing the status quo, so far as I understand it.
The problem is with the code that is built for both boards and tools.
For boards, we want this code to be compiled conditionally, depending
on what options are enabled. For tools, we want the code to be
compiled unconditionally.

I can think of only three ways to do this:

- status quo (add #ifdefs USE_HOSTCC wherever we need to)
- my series (make use of hidden Kconfig options to avoid that)
- put every single feature and associated lines of code in separate
files and compile them conditionally for boards, but always for tools

I believe the last option is actually impossible, or at least
impractical. It would cause an explosion of source files to deal with
all the various combinations, and would be quite painful to maintain
also.

Regards,
SImon

On 5/12/21 12:30 PM, Simon Glass wrote:
> Hi Alex,
> 
> On Wed, 12 May 2021 at 10:18, Alex G. <mr.nuke.me@gmail.com> wrote:
>>
>>
>>
>> On 5/12/21 10:54 AM, Simon Glass wrote:
>>> Hi Alex,
>>>
>>> On Wed, 12 May 2021 at 09:48, Alex G. <mr.nuke.me@gmail.com> wrote:
>>>>
>>>>
>>>>
>>>> On 5/12/21 9:51 AM, Simon Glass wrote:
>>>>> Hi Alex,
>>>>>
>>>>> On Tue, 11 May 2021 at 13:57, Alex G. <mr.nuke.me@gmail.com> wrote:
>>>>>>
>>>>>> On 5/6/21 9:24 AM, Simon Glass wrote:
>>>>
>>>> [snip]
>>>>
>>>>>>
>>>>>>> +
>>>>>>> +config HOST_FIT_PRINT
>>>>>>> +     def_bool y
>>>>>>> +     help
>>>>>>> +       Print the content of the FIT verbosely in the host build
>>>>>>
>>>>>> This option also doesn't make sense.This seems to do what 'mkimage -l'
>>>>>> already supports.
>>>>>
>>>>> Are you sure you have looked at the goal of the CONFIG_IS_ENABLED()
>>>>> changes? This is here purely to avoid #ifdefs in the share code.
>>>>
>>>> On the one hand, we have the cosmetic inconvenience caused by #ifdefs.
>>>> On the other hand we have the config system. To most users, the config
>>>> system is likely more visible, while it's mostly developers who will
>>>> ever see the ifdefs.
>>>>
>>>> Therefore, in order to get the developer convenience of less ifdefs, we
>>>> have to sacrifice user convenience by cloberring the Kconfig options. I
>>>> think this is back-to-front.
>>>
>>> These Kconfig options are not visible to users. They cannot be updated
>>> in defconfig, nor in 'make menuconfig', etc. They are purely there for
>>> the build system.
>>>
>>>>
>>>> Can we reduce the host config count to just SLL/NOSSL?
>>>
>>> The point here is that the code has a special case for host builds,
>>> and this is a means to remove that special case and make the code
>>> easier to maintain and follow.
>>
>> I understand where you're coming from. Without these changes, the code
>> knows what it should and should not do, correct? My argument is that if
>> the code has the logic to do the correct thing, that logic should not be
>> split with the config system.
>>
>> I agree with the goal of reducing clutter in the source code. I disagree
>> with this specific course of fixing it. Instead, I propose a single
>> kconfig for host tools for SSL on/off.
>>
>> The disadvantage of my proposal is that we have to refactor the common
>> code in a way consistent with the goals, instead of just changing some
>> #ifdefs to if(CONFIG_IS_ENABLED()). I admit that, off the top of my
>> head, I don't have a detailed plan on how to achieve this.
> 
> You are mostly describing the status quo, so far as I understand it.
> The problem is with the code that is built for both boards and tools.
> For boards, we want this code to be compiled conditionally, depending
> on what options are enabled. For tools, we want the code to be
> compiled unconditionally.
> 
> I can think of only three ways to do this:
> 
> - status quo (add #ifdefs USE_HOSTCC wherever we need to)
> - my series (make use of hidden Kconfig options to avoid that)
> - put every single feature and associated lines of code in separate
> files and compile them conditionally for boards, but always for tools
> 
> I believe the last option is actually impossible, or at least
> impractical. It would cause an explosion of source files to deal with
> all the various combinations, and would be quite painful to maintain
> also.

I don't think the status quo is such a terrible solution, so I am 
looking at the aspects that can benefit from improvement. Hence why it 
may appear I am talking about the status quo.

Let's assume CONFIG_IS_ENABLED() returns true on host builds, and for 
those cases where you need to know if IS_HOST_BUILD(), there's a macro 
for that. You have the oddball case that uses a CONFIG_ value that's 
only defined on the target, and those you would have to split according 
to your option #3.

I don't think the above is as dire an explosion in source files as it seems.

Another point of contention is checksum_algos and crypto_algos arrays 
image-sig.c. On the target side, these should be in .u-boot-list. Status 
quo is the definition of rsa_verify is hidden behind #if macros, which 
just pushes the complexity out into the rsa.h headers.

The two ideas here are CONFIG_IS_ENABLED() returns true for host code, 
and image-sig.c is split bwtween host and target versions, the target 
version making use of .uboot-list. Using these as the starting points, I 
think we can get to a much better solution

Alex

Hi Alex,

On Thu, 13 May 2021 at 10:21, Alex G. <mr.nuke.me@gmail.com> wrote:
>
>
>
> On 5/12/21 12:30 PM, Simon Glass wrote:
> > Hi Alex,
> >
> > On Wed, 12 May 2021 at 10:18, Alex G. <mr.nuke.me@gmail.com> wrote:
> >>
> >>
> >>
> >> On 5/12/21 10:54 AM, Simon Glass wrote:
> >>> Hi Alex,
> >>>
> >>> On Wed, 12 May 2021 at 09:48, Alex G. <mr.nuke.me@gmail.com> wrote:
> >>>>
> >>>>
> >>>>
> >>>> On 5/12/21 9:51 AM, Simon Glass wrote:
> >>>>> Hi Alex,
> >>>>>
> >>>>> On Tue, 11 May 2021 at 13:57, Alex G. <mr.nuke.me@gmail.com> wrote:
> >>>>>>
> >>>>>> On 5/6/21 9:24 AM, Simon Glass wrote:
> >>>>
> >>>> [snip]
> >>>>
> >>>>>>
> >>>>>>> +
> >>>>>>> +config HOST_FIT_PRINT
> >>>>>>> +     def_bool y
> >>>>>>> +     help
> >>>>>>> +       Print the content of the FIT verbosely in the host build
> >>>>>>
> >>>>>> This option also doesn't make sense.This seems to do what 'mkimage -l'
> >>>>>> already supports.
> >>>>>
> >>>>> Are you sure you have looked at the goal of the CONFIG_IS_ENABLED()
> >>>>> changes? This is here purely to avoid #ifdefs in the share code.
> >>>>
> >>>> On the one hand, we have the cosmetic inconvenience caused by #ifdefs.
> >>>> On the other hand we have the config system. To most users, the config
> >>>> system is likely more visible, while it's mostly developers who will
> >>>> ever see the ifdefs.
> >>>>
> >>>> Therefore, in order to get the developer convenience of less ifdefs, we
> >>>> have to sacrifice user convenience by cloberring the Kconfig options. I
> >>>> think this is back-to-front.
> >>>
> >>> These Kconfig options are not visible to users. They cannot be updated
> >>> in defconfig, nor in 'make menuconfig', etc. They are purely there for
> >>> the build system.
> >>>
> >>>>
> >>>> Can we reduce the host config count to just SLL/NOSSL?
> >>>
> >>> The point here is that the code has a special case for host builds,
> >>> and this is a means to remove that special case and make the code
> >>> easier to maintain and follow.
> >>
> >> I understand where you're coming from. Without these changes, the code
> >> knows what it should and should not do, correct? My argument is that if
> >> the code has the logic to do the correct thing, that logic should not be
> >> split with the config system.
> >>
> >> I agree with the goal of reducing clutter in the source code. I disagree
> >> with this specific course of fixing it. Instead, I propose a single
> >> kconfig for host tools for SSL on/off.
> >>
> >> The disadvantage of my proposal is that we have to refactor the common
> >> code in a way consistent with the goals, instead of just changing some
> >> #ifdefs to if(CONFIG_IS_ENABLED()). I admit that, off the top of my
> >> head, I don't have a detailed plan on how to achieve this.
> >
> > You are mostly describing the status quo, so far as I understand it.
> > The problem is with the code that is built for both boards and tools.
> > For boards, we want this code to be compiled conditionally, depending
> > on what options are enabled. For tools, we want the code to be
> > compiled unconditionally.
> >
> > I can think of only three ways to do this:
> >
> > - status quo (add #ifdefs USE_HOSTCC wherever we need to)
> > - my series (make use of hidden Kconfig options to avoid that)
> > - put every single feature and associated lines of code in separate
> > files and compile them conditionally for boards, but always for tools
> >
> > I believe the last option is actually impossible, or at least
> > impractical. It would cause an explosion of source files to deal with
> > all the various combinations, and would be quite painful to maintain
> > also.
>
> I don't think the status quo is such a terrible solution, so I am
> looking at the aspects that can benefit from improvement. Hence why it
> may appear I am talking about the status quo.
>
> Let's assume CONFIG_IS_ENABLED() returns true on host builds, and for
> those cases where you need to know if IS_HOST_BUILD(), there's a macro
> for that. You have the oddball case that uses a CONFIG_ value that's
> only defined on the target, and those you would have to split according
> to your option #3.
>
> I don't think the above is as dire an explosion in source files as it seems.
>
> Another point of contention is checksum_algos and crypto_algos arrays
> image-sig.c. On the target side, these should be in .u-boot-list. Status
> quo is the definition of rsa_verify is hidden behind #if macros, which
> just pushes the complexity out into the rsa.h headers.
>
> The two ideas here are CONFIG_IS_ENABLED() returns true for host code,
> and image-sig.c is split bwtween host and target versions, the target
> version making use of .uboot-list. Using these as the starting points, I
> think we can get to a much better solution

I did consider simply defining CONFIG_IS_ENABLED() to true for the
host, but rejected that because I worried it would break down at some
point. Examples I can think of at the moment:

- conflicting or alternative options (OF_LIVE, OF_HOST_FILE, OF_SEPARATE)
- code that is not actually wanted on the host (WATCHDOG,
NEEDS_MANUAL_RELOC, FPGA)
- code that we want on the host but not the board (so we end up with a
dummy CONFIG for the boards?)
- all the SPL / TPL / VPL options which would always end up being
true, when in fact we probably want none of them

I think you should more clearly explain your objection to the hidden
Kconfig options, since your original reason ("clobbering the Kconfig
space") doesn't seem to have survived further analysis.

Having said that, I can imagine with a lot of refactoring it might be
possible to address some of those. I just don't see it as a feasible
option from here. The effort would be better spent improving testing,
I think. But if you'd like to code something up for it, I'd be
interested to see it.

Re the linker-list stuff, yes we should push more things to those
instead of #ifdefs and weak functions. Hashing and crypto are prime
examples. In fact host tools can use linker lists too if we need that.

Regards,
Simon

On 5/13/21 6:56 PM, Simon Glass wrote:
> Hi Alex,
> 
> On Thu, 13 May 2021 at 10:21, Alex G. <mr.nuke.me@gmail.com> wrote:
>>
>>
>>
>> On 5/12/21 12:30 PM, Simon Glass wrote:
>>> Hi Alex,
>>>
>>> On Wed, 12 May 2021 at 10:18, Alex G. <mr.nuke.me@gmail.com> wrote:
>>>>
>>>>
>>>>
>>>> On 5/12/21 10:54 AM, Simon Glass wrote:
>>>>> Hi Alex,
>>>>>
>>>>> On Wed, 12 May 2021 at 09:48, Alex G. <mr.nuke.me@gmail.com> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 5/12/21 9:51 AM, Simon Glass wrote:
>>>>>>> Hi Alex,
>>>>>>>
>>>>>>> On Tue, 11 May 2021 at 13:57, Alex G. <mr.nuke.me@gmail.com> wrote:
>>>>>>>>
>>>>>>>> On 5/6/21 9:24 AM, Simon Glass wrote:
>>>>>>
>>>>>> [snip]
>>>>>>
>>>>>>>>
>>>>>>>>> +
>>>>>>>>> +config HOST_FIT_PRINT
>>>>>>>>> +     def_bool y
>>>>>>>>> +     help
>>>>>>>>> +       Print the content of the FIT verbosely in the host build
>>>>>>>>
>>>>>>>> This option also doesn't make sense.This seems to do what 'mkimage -l'
>>>>>>>> already supports.
>>>>>>>
>>>>>>> Are you sure you have looked at the goal of the CONFIG_IS_ENABLED()
>>>>>>> changes? This is here purely to avoid #ifdefs in the share code.
>>>>>>
>>>>>> On the one hand, we have the cosmetic inconvenience caused by #ifdefs.
>>>>>> On the other hand we have the config system. To most users, the config
>>>>>> system is likely more visible, while it's mostly developers who will
>>>>>> ever see the ifdefs.
>>>>>>
>>>>>> Therefore, in order to get the developer convenience of less ifdefs, we
>>>>>> have to sacrifice user convenience by cloberring the Kconfig options. I
>>>>>> think this is back-to-front.
>>>>>
>>>>> These Kconfig options are not visible to users. They cannot be updated
>>>>> in defconfig, nor in 'make menuconfig', etc. They are purely there for
>>>>> the build system.
>>>>>
>>>>>>
>>>>>> Can we reduce the host config count to just SLL/NOSSL?
>>>>>
>>>>> The point here is that the code has a special case for host builds,
>>>>> and this is a means to remove that special case and make the code
>>>>> easier to maintain and follow.
>>>>
>>>> I understand where you're coming from. Without these changes, the code
>>>> knows what it should and should not do, correct? My argument is that if
>>>> the code has the logic to do the correct thing, that logic should not be
>>>> split with the config system.
>>>>
>>>> I agree with the goal of reducing clutter in the source code. I disagree
>>>> with this specific course of fixing it. Instead, I propose a single
>>>> kconfig for host tools for SSL on/off.
>>>>
>>>> The disadvantage of my proposal is that we have to refactor the common
>>>> code in a way consistent with the goals, instead of just changing some
>>>> #ifdefs to if(CONFIG_IS_ENABLED()). I admit that, off the top of my
>>>> head, I don't have a detailed plan on how to achieve this.
>>>
>>> You are mostly describing the status quo, so far as I understand it.
>>> The problem is with the code that is built for both boards and tools.
>>> For boards, we want this code to be compiled conditionally, depending
>>> on what options are enabled. For tools, we want the code to be
>>> compiled unconditionally.
>>>
>>> I can think of only three ways to do this:
>>>
>>> - status quo (add #ifdefs USE_HOSTCC wherever we need to)
>>> - my series (make use of hidden Kconfig options to avoid that)
>>> - put every single feature and associated lines of code in separate
>>> files and compile them conditionally for boards, but always for tools
>>>
>>> I believe the last option is actually impossible, or at least
>>> impractical. It would cause an explosion of source files to deal with
>>> all the various combinations, and would be quite painful to maintain
>>> also.
>>
>> I don't think the status quo is such a terrible solution, so I am
>> looking at the aspects that can benefit from improvement. Hence why it
>> may appear I am talking about the status quo.
>>
>> Let's assume CONFIG_IS_ENABLED() returns true on host builds, and for
>> those cases where you need to know if IS_HOST_BUILD(), there's a macro
>> for that. You have the oddball case that uses a CONFIG_ value that's
>> only defined on the target, and those you would have to split according
>> to your option #3.
>>
>> I don't think the above is as dire an explosion in source files as it seems.
>>
>> Another point of contention is checksum_algos and crypto_algos arrays
>> image-sig.c. On the target side, these should be in .u-boot-list. Status
>> quo is the definition of rsa_verify is hidden behind #if macros, which
>> just pushes the complexity out into the rsa.h headers.
>>
>> The two ideas here are CONFIG_IS_ENABLED() returns true for host code,
>> and image-sig.c is split bwtween host and target versions, the target
>> version making use of .uboot-list. Using these as the starting points, I
>> think we can get to a much better solution
> 
> I did consider simply defining CONFIG_IS_ENABLED() to true for the
> host, but rejected that because I worried it would break down at some
> point. Examples I can think of at the moment:
> 
> - conflicting or alternative options (OF_LIVE, OF_HOST_FILE, OF_SEPARATE)
> - code that is not actually wanted on the host (WATCHDOG,
> NEEDS_MANUAL_RELOC, FPGA)
> - code that we want on the host but not the board (so we end up with a
> dummy CONFIG for the boards?)
> - all the SPL / TPL / VPL options which would always end up being
> true, when in fact we probably want none of them
> 
> I think you should more clearly explain your objection to the hidden
> Kconfig options, since your original reason ("clobbering the Kconfig
> space") doesn't seem to have survived further analysis.

I thought it to have been already explained and settled. It objectively 
increase the complexity of the logic. Instead of the logic being defined 
in one place (code), it is now defined in two places (code and Kconfig).

And subjectively, when adding ECDSA support, I found the ifs/ifdefs that 
were derived from kconfig code to be extremely confusing. It would have 
helped trememdously if the host code would flow with less 'kconfig' 
decision points. I don't find this series to improve on that.

> Having said that, I can imagine with a lot of refactoring it might be
> possible to address some of those. I just don't see it as a feasible
> option from here. The effort would be better spent improving testing,
> I think. But if you'd like to code something up for it, I'd be
> interested to see it.

We are in agreement that refactoring will improve the situation. I don't 
think it's so dire that it's unfeasible. However, if you'd like, we can 
start in smaller chunks.

> Re the linker-list stuff, yes we should push more things to those
> instead of #ifdefs and weak functions. Hashing and crypto are prime
> examples. In fact host tools can use linker lists too if we need that.

Pretty low hanging fruit here. Let me try to code something up.

> Regards,
> Simon
>

Hi Alex,

On Fri, 14 May 2021 at 09:12, Alex G. <mr.nuke.me@gmail.com> wrote:
>
>
>
> On 5/13/21 6:56 PM, Simon Glass wrote:
> > Hi Alex,
> >
> > On Thu, 13 May 2021 at 10:21, Alex G. <mr.nuke.me@gmail.com> wrote:
> >>
> >>
> >>
> >> On 5/12/21 12:30 PM, Simon Glass wrote:
> >>> Hi Alex,
> >>>
> >>> On Wed, 12 May 2021 at 10:18, Alex G. <mr.nuke.me@gmail.com> wrote:
> >>>>
> >>>>
> >>>>
> >>>> On 5/12/21 10:54 AM, Simon Glass wrote:
> >>>>> Hi Alex,
> >>>>>
> >>>>> On Wed, 12 May 2021 at 09:48, Alex G. <mr.nuke.me@gmail.com> wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> On 5/12/21 9:51 AM, Simon Glass wrote:
> >>>>>>> Hi Alex,
> >>>>>>>
> >>>>>>> On Tue, 11 May 2021 at 13:57, Alex G. <mr.nuke.me@gmail.com> wrote:
> >>>>>>>>
> >>>>>>>> On 5/6/21 9:24 AM, Simon Glass wrote:
> >>>>>>
> >>>>>> [snip]
> >>>>>>
> >>>>>>>>
> >>>>>>>>> +
> >>>>>>>>> +config HOST_FIT_PRINT
> >>>>>>>>> +     def_bool y
> >>>>>>>>> +     help
> >>>>>>>>> +       Print the content of the FIT verbosely in the host build
> >>>>>>>>
> >>>>>>>> This option also doesn't make sense.This seems to do what 'mkimage -l'
> >>>>>>>> already supports.
> >>>>>>>
> >>>>>>> Are you sure you have looked at the goal of the CONFIG_IS_ENABLED()
> >>>>>>> changes? This is here purely to avoid #ifdefs in the share code.
> >>>>>>
> >>>>>> On the one hand, we have the cosmetic inconvenience caused by #ifdefs.
> >>>>>> On the other hand we have the config system. To most users, the config
> >>>>>> system is likely more visible, while it's mostly developers who will
> >>>>>> ever see the ifdefs.
> >>>>>>
> >>>>>> Therefore, in order to get the developer convenience of less ifdefs, we
> >>>>>> have to sacrifice user convenience by cloberring the Kconfig options. I
> >>>>>> think this is back-to-front.
> >>>>>
> >>>>> These Kconfig options are not visible to users. They cannot be updated
> >>>>> in defconfig, nor in 'make menuconfig', etc. They are purely there for
> >>>>> the build system.
> >>>>>
> >>>>>>
> >>>>>> Can we reduce the host config count to just SLL/NOSSL?
> >>>>>
> >>>>> The point here is that the code has a special case for host builds,
> >>>>> and this is a means to remove that special case and make the code
> >>>>> easier to maintain and follow.
> >>>>
> >>>> I understand where you're coming from. Without these changes, the code
> >>>> knows what it should and should not do, correct? My argument is that if
> >>>> the code has the logic to do the correct thing, that logic should not be
> >>>> split with the config system.
> >>>>
> >>>> I agree with the goal of reducing clutter in the source code. I disagree
> >>>> with this specific course of fixing it. Instead, I propose a single
> >>>> kconfig for host tools for SSL on/off.
> >>>>
> >>>> The disadvantage of my proposal is that we have to refactor the common
> >>>> code in a way consistent with the goals, instead of just changing some
> >>>> #ifdefs to if(CONFIG_IS_ENABLED()). I admit that, off the top of my
> >>>> head, I don't have a detailed plan on how to achieve this.
> >>>
> >>> You are mostly describing the status quo, so far as I understand it.
> >>> The problem is with the code that is built for both boards and tools.
> >>> For boards, we want this code to be compiled conditionally, depending
> >>> on what options are enabled. For tools, we want the code to be
> >>> compiled unconditionally.
> >>>
> >>> I can think of only three ways to do this:
> >>>
> >>> - status quo (add #ifdefs USE_HOSTCC wherever we need to)
> >>> - my series (make use of hidden Kconfig options to avoid that)
> >>> - put every single feature and associated lines of code in separate
> >>> files and compile them conditionally for boards, but always for tools
> >>>
> >>> I believe the last option is actually impossible, or at least
> >>> impractical. It would cause an explosion of source files to deal with
> >>> all the various combinations, and would be quite painful to maintain
> >>> also.
> >>
> >> I don't think the status quo is such a terrible solution, so I am
> >> looking at the aspects that can benefit from improvement. Hence why it
> >> may appear I am talking about the status quo.
> >>
> >> Let's assume CONFIG_IS_ENABLED() returns true on host builds, and for
> >> those cases where you need to know if IS_HOST_BUILD(), there's a macro
> >> for that. You have the oddball case that uses a CONFIG_ value that's
> >> only defined on the target, and those you would have to split according
> >> to your option #3.
> >>
> >> I don't think the above is as dire an explosion in source files as it seems.
> >>
> >> Another point of contention is checksum_algos and crypto_algos arrays
> >> image-sig.c. On the target side, these should be in .u-boot-list. Status
> >> quo is the definition of rsa_verify is hidden behind #if macros, which
> >> just pushes the complexity out into the rsa.h headers.
> >>
> >> The two ideas here are CONFIG_IS_ENABLED() returns true for host code,
> >> and image-sig.c is split bwtween host and target versions, the target
> >> version making use of .uboot-list. Using these as the starting points, I
> >> think we can get to a much better solution
> >
> > I did consider simply defining CONFIG_IS_ENABLED() to true for the
> > host, but rejected that because I worried it would break down at some
> > point. Examples I can think of at the moment:
> >
> > - conflicting or alternative options (OF_LIVE, OF_HOST_FILE, OF_SEPARATE)
> > - code that is not actually wanted on the host (WATCHDOG,
> > NEEDS_MANUAL_RELOC, FPGA)
> > - code that we want on the host but not the board (so we end up with a
> > dummy CONFIG for the boards?)
> > - all the SPL / TPL / VPL options which would always end up being
> > true, when in fact we probably want none of them
> >
> > I think you should more clearly explain your objection to the hidden
> > Kconfig options, since your original reason ("clobbering the Kconfig
> > space") doesn't seem to have survived further analysis.
>
> I thought it to have been already explained and settled. It objectively
> increase the complexity of the logic. Instead of the logic being defined
> in one place (code), it is now defined in two places (code and Kconfig).
>
> And subjectively, when adding ECDSA support, I found the ifs/ifdefs that
> were derived from kconfig code to be extremely confusing. It would have
> helped trememdously if the host code would flow with less 'kconfig'
> decision points. I don't find this series to improve on that.

I think separating out host code is fine. But we do need to be
careful. A few years back someone added fit_check_sign and something
else that runs the board code. If we had had separate code at that
point, the additional of that tool would have been a huge lift.

So I think we should:
- separate out cost that is clearly host-only (perhaps into the tools/ dir)
- don't separate out board code, since we will likely want to run it
with a tool one day

>
> > Having said that, I can imagine with a lot of refactoring it might be
> > possible to address some of those. I just don't see it as a feasible
> > option from here. The effort would be better spent improving testing,
> > I think. But if you'd like to code something up for it, I'd be
> > interested to see it.
>
> We are in agreement that refactoring will improve the situation. I don't
> think it's so dire that it's unfeasible. However, if you'd like, we can
> start in smaller chunks.

OK.

>
> > Re the linker-list stuff, yes we should push more things to those
> > instead of #ifdefs and weak functions. Hashing and crypto are prime
> > examples. In fact host tools can use linker lists too if we need that.
>
> Pretty low hanging fruit here. Let me try to code something up.

OK. Perhaps with some separation, the Kconfig stuff will become easier.

Regards,
Simon

On 5/12/21 12:14 PM, Tom Rini wrote:
> On Wed, May 12, 2021 at 11:19:52AM -0500, Alex G. wrote:
>>
>>
>> On 5/12/21 10:52 AM, Simon Glass wrote:

[snip]

>>> We have a NO_SDL build-time control. Perhaps have a NO_SSL one as well?
>>
>> It could be a config option instead of an environment variable. I think it
>> can be independent of target options, since we don't sign images in the
>> buildsystem anyway -- we can enable FIT verification, but mkimage without
>> openssl.
> 
> As people point out from time to time, "NO_SDL" is very non-obvious and
> doesn't fit with how the rest of U-Boot is configured.  So I would
> rather not see NO_SSL added. 

FYI, I have a proof-of-concept for the NO_SSL idea using Kconfig [1] 
instead of environment variahles. It's not yet ready for publication.

[1] 
https://github.com/mrnuke/u-boot/commit/c054c546a8de54e41d3802fe60ad9389095e673b


> Frankly, given everything else that's
> needed to build today, I don't think just enabling the support for
> verified boot in mkimage by default and making it a bit odd to turn off
> is a problem.  But given:
> https://lists.denx.de/pipermail/u-boot/2017-December/313742.html
> I would really like to see the switch to gnutls or some other clearly
> compatibly licensed library first.

Might be interesting to switch to gnutls, even if only because it 
doesn't burn your eyes looking at function names and variable types. I 
wouldn't mind looking into this, but I just don't have the bandwidth 
nowadays.

Alex

On Mon, May 17, 2021 at 05:29:44PM -0500, Alex G. wrote:
> On 5/12/21 12:14 PM, Tom Rini wrote:
> > On Wed, May 12, 2021 at 11:19:52AM -0500, Alex G. wrote:
> > > 
> > > 
> > > On 5/12/21 10:52 AM, Simon Glass wrote:
> 
> [snip]
> 
> > > > We have a NO_SDL build-time control. Perhaps have a NO_SSL one as well?
> > > 
> > > It could be a config option instead of an environment variable. I think it
> > > can be independent of target options, since we don't sign images in the
> > > buildsystem anyway -- we can enable FIT verification, but mkimage without
> > > openssl.
> > 
> > As people point out from time to time, "NO_SDL" is very non-obvious and
> > doesn't fit with how the rest of U-Boot is configured.  So I would
> > rather not see NO_SSL added.
> 
> FYI, I have a proof-of-concept for the NO_SSL idea using Kconfig [1] instead
> of environment variahles. It's not yet ready for publication.
> 
> [1] https://github.com/mrnuke/u-boot/commit/c054c546a8de54e41d3802fe60ad9389095e673b


FYI,
I have posted a patch[1] for a similar *signing* tool using OpenSSL.
Basically, I'd like to follow the way agreed here about how OpenSSL
be handled in host tools.
So please keep in mind that there can be another use case of this kind
of host Kconfig option.

[1] https://lists.denx.de/pipermail/u-boot/2021-May/449572.html

-Takahiro Akashi

> 
> > Frankly, given everything else that's
> > needed to build today, I don't think just enabling the support for
> > verified boot in mkimage by default and making it a bit odd to turn off
> > is a problem.  But given:
> > https://lists.denx.de/pipermail/u-boot/2017-December/313742.html
> > I would really like to see the switch to gnutls or some other clearly
> > compatibly licensed library first.
> 
> Might be interesting to switch to gnutls, even if only because it doesn't
> burn your eyes looking at function names and variable types. I wouldn't mind
> looking into this, but I just don't have the bandwidth nowadays.
> 
> Alex

On 5/17/21 8:23 PM, AKASHI Takahiro wrote:
> On Mon, May 17, 2021 at 05:29:44PM -0500, Alex G. wrote:
>> On 5/12/21 12:14 PM, Tom Rini wrote:
>>> On Wed, May 12, 2021 at 11:19:52AM -0500, Alex G. wrote:
>>>>
>>>>
>>>> On 5/12/21 10:52 AM, Simon Glass wrote:
>>
>> [snip]
>>
>>>>> We have a NO_SDL build-time control. Perhaps have a NO_SSL one as well?
>>>>
>>>> It could be a config option instead of an environment variable. I think it
>>>> can be independent of target options, since we don't sign images in the
>>>> buildsystem anyway -- we can enable FIT verification, but mkimage without
>>>> openssl.
>>>
>>> As people point out from time to time, "NO_SDL" is very non-obvious and
>>> doesn't fit with how the rest of U-Boot is configured.  So I would
>>> rather not see NO_SSL added.
>>
>> FYI, I have a proof-of-concept for the NO_SSL idea using Kconfig [1] instead
>> of environment variahles. It's not yet ready for publication.
>>
>> [1] https://github.com/mrnuke/u-boot/commit/c054c546a8de54e41d3802fe60ad9389095e673b
> 
> 
> FYI,
> I have posted a patch[1] for a similar *signing* tool using OpenSSL.
> Basically, I'd like to follow the way agreed here about how OpenSSL
> be handled in host tools.
> So please keep in mind that there can be another use case of this kind
> of host Kconfig option.
> 
> [1] https://lists.denx.de/pipermail/u-boot/2021-May/449572.html

I can't ask you to change your patch based on my ideas, as I my changes 
have not yet been submitted for review. However, should you want to 
anticipate, make sure that there's one and only one variable that 
determines if OpenSSL is linked.

I also suspect Tom would be quite thrilled if your patch started using 
gnutls instead of openssl. I'm not sure how sane things would look 
having both gnutls and openssl dependencies; however, I suspect it might 
be acceptable as long as it's temporary.

These decisions haven't been made yet. I don't want to send you on a 
wild goose refactoring chase, only to have the rug pulled from under you 
later. I think it's okay to continue with your patch as submitted. I'll 
update my patch accordingly when yours gets merged first -- looks easy 
enough.

Alex