| Message ID | 20210512065947.23998-4-masahisa.kojima@linaro.org |
|---|---|
| State | Superseded |
| Delegated to: | Heinrich Schuchardt |
| Headers | show |
| Series | PE/COFF measurement support | expand |
On Wed, May 12, 2021 at 03:59:47PM +0900, Masahisa Kojima wrote: > Build error occurs when CONFIG_EFI_SECURE_BOOT/ > CONFIG_EFI_CAPSULE_AUTHENTICATE/CONFIG_EFI_TCG2_PROTOCOL > is enabled, because hash-checksum.c is not compiled. > > With the following commit, > commit 0bcb28dfb946 ("lib: Rename rsa-checksum.c to hash-checksum.c") > CONFIG_FIT_SIGNATURE option is required to use hash_calculate() function. > > This commit adds CONFIG_FIT_SIGNATURE option in Kconfig, and missing > required options for CONFIG_EFI_TCG2_PROTOCOL. > > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> > --- > > Changes in v4: > - newly added in this patch series, due to rebasing > the base code. > > lib/efi_loader/Kconfig | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig > index b76e77180e..93463fb362 100644 > --- a/lib/efi_loader/Kconfig > +++ b/lib/efi_loader/Kconfig > @@ -175,6 +175,7 @@ config EFI_CAPSULE_AUTHENTICATE > select PKCS7_VERIFY > select IMAGE_SIGN_INFO > select EFI_SIGNATURE_SUPPORT > + select FIT_SIGNATURE > default n > help > Select this option if you want to enable capsule > @@ -302,6 +303,12 @@ config EFI_RNG_PROTOCOL > config EFI_TCG2_PROTOCOL > bool "EFI_TCG2_PROTOCOL support" > depends on TPM_V2 > + select FIT_SIGNATURE > + select SHA1 > + select SHA256 > + select SHA512_ALGO > + select SHA384 > + select SHA512 > help > Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware > of the platform. > @@ -338,6 +345,7 @@ config EFI_SECURE_BOOT > select PKCS7_MESSAGE_PARSER > select PKCS7_VERIFY > select EFI_SIGNATURE_SUPPORT > + select FIT_SIGNATURE > default n > help > Select this option to enable EFI secure boot support. > -- > 2.17.1 > I've sent a similar patch yesterday that Heinrich already applied on his tree, you'll only need to add FIT_SIGNATURE now Cheers /Ilias
On Wed, 12 May 2021 at 17:32, Ilias Apalodimas <ilias.apalodimas@linaro.org> wrote: > > On Wed, May 12, 2021 at 03:59:47PM +0900, Masahisa Kojima wrote: > > Build error occurs when CONFIG_EFI_SECURE_BOOT/ > > CONFIG_EFI_CAPSULE_AUTHENTICATE/CONFIG_EFI_TCG2_PROTOCOL > > is enabled, because hash-checksum.c is not compiled. > > > > With the following commit, > > commit 0bcb28dfb946 ("lib: Rename rsa-checksum.c to hash-checksum.c") > > CONFIG_FIT_SIGNATURE option is required to use hash_calculate() function. > > > > This commit adds CONFIG_FIT_SIGNATURE option in Kconfig, and missing > > required options for CONFIG_EFI_TCG2_PROTOCOL. > > > > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> > > --- > > > > Changes in v4: > > - newly added in this patch series, due to rebasing > > the base code. > > > > lib/efi_loader/Kconfig | 8 ++++++++ > > 1 file changed, 8 insertions(+) > > > > diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig > > index b76e77180e..93463fb362 100644 > > --- a/lib/efi_loader/Kconfig > > +++ b/lib/efi_loader/Kconfig > > @@ -175,6 +175,7 @@ config EFI_CAPSULE_AUTHENTICATE > > select PKCS7_VERIFY > > select IMAGE_SIGN_INFO > > select EFI_SIGNATURE_SUPPORT > > + select FIT_SIGNATURE > > default n > > help > > Select this option if you want to enable capsule > > @@ -302,6 +303,12 @@ config EFI_RNG_PROTOCOL > > config EFI_TCG2_PROTOCOL > > bool "EFI_TCG2_PROTOCOL support" > > depends on TPM_V2 > > + select FIT_SIGNATURE > > + select SHA1 > > + select SHA256 > > + select SHA512_ALGO > > + select SHA384 > > + select SHA512 > > help > > Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware > > of the platform. > > @@ -338,6 +345,7 @@ config EFI_SECURE_BOOT > > select PKCS7_MESSAGE_PARSER > > select PKCS7_VERIFY > > select EFI_SIGNATURE_SUPPORT > > + select FIT_SIGNATURE > > default n > > help > > Select this option to enable EFI secure boot support. > > -- > > 2.17.1 > > > > I've sent a similar patch yesterday that Heinrich already applied on his > tree, you'll only need to add FIT_SIGNATURE now Hi Ilias, Thank you for your comment. I rebase and will send v5. Thanks, Masahisa > > Cheers > /Ilias
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index b76e77180e..93463fb362 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -175,6 +175,7 @@ config EFI_CAPSULE_AUTHENTICATE select PKCS7_VERIFY select IMAGE_SIGN_INFO select EFI_SIGNATURE_SUPPORT + select FIT_SIGNATURE default n help Select this option if you want to enable capsule @@ -302,6 +303,12 @@ config EFI_RNG_PROTOCOL config EFI_TCG2_PROTOCOL bool "EFI_TCG2_PROTOCOL support" depends on TPM_V2 + select FIT_SIGNATURE + select SHA1 + select SHA256 + select SHA512_ALGO + select SHA384 + select SHA512 help Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware of the platform. @@ -338,6 +345,7 @@ config EFI_SECURE_BOOT select PKCS7_MESSAGE_PARSER select PKCS7_VERIFY select EFI_SIGNATURE_SUPPORT + select FIT_SIGNATURE default n help Select this option to enable EFI secure boot support.
Build error occurs when CONFIG_EFI_SECURE_BOOT/ CONFIG_EFI_CAPSULE_AUTHENTICATE/CONFIG_EFI_TCG2_PROTOCOL is enabled, because hash-checksum.c is not compiled. With the following commit, commit 0bcb28dfb946 ("lib: Rename rsa-checksum.c to hash-checksum.c") CONFIG_FIT_SIGNATURE option is required to use hash_calculate() function. This commit adds CONFIG_FIT_SIGNATURE option in Kconfig, and missing required options for CONFIG_EFI_TCG2_PROTOCOL. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> --- Changes in v4: - newly added in this patch series, due to rebasing the base code. lib/efi_loader/Kconfig | 8 ++++++++ 1 file changed, 8 insertions(+)