From patchwork Mon May 24 20:23:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Alex G." X-Patchwork-Id: 1482971 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=gYSs51LM; dkim-atps=neutral Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4FppZ873VPz9sPf for ; Tue, 25 May 2021 06:23:28 +1000 (AEST) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 016BD80F0E; Mon, 24 May 2021 22:23:25 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="gYSs51LM"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id B5EA982EFC; Mon, 24 May 2021 22:23:24 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-oi1-x22e.google.com (mail-oi1-x22e.google.com [IPv6:2607:f8b0:4864:20::22e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 3F42382EDC for ; Mon, 24 May 2021 22:23:21 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=mr.nuke.me@gmail.com Received: by mail-oi1-x22e.google.com with SMTP id b25so28264966oic.0 for ; Mon, 24 May 2021 13:23:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=dOwoup7YRK9CJNQY6zI36bzg0Z8rVfPMoiwlJ6/NhQI=; b=gYSs51LMiJwix5zTt3GwgRhcNFCsM6dtjiUa38z0XrVgVIkWsvxq9T+ekfn89SXg4O vKYyA89KQh5PsQ5De7rTuRXU55RxFamKTmUGQSqS3zsKP4q1rJPrjDwU4DovMtabHKE6 J1m7Eyff8xF+MCoTXI84Puv5Y2s5gJ9s+/oWjJsiDVRhR5/Mwo3nZNSXFM9SvSCoDXMy lY4fXJbxEwVi0LxywqptH4hKuoTLEFj+mWosH+PO4CP2dVQFccdAnPxRv6pB3nmaYrMi KV7OlZGVMh8QBNdAKQqnXFQTFSg+gXBnIVGFm/qS/ON34fzjRFyQnmOVvOS51PHkPPd6 QakQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=dOwoup7YRK9CJNQY6zI36bzg0Z8rVfPMoiwlJ6/NhQI=; b=rjfWPEBDOCWp1y8U1E7YmlnorsXkLizaQKxouAG4QOz11BFn8gjR4KfEodcN+6tNZ4 4zv6Yjdj1GLy43T1w8eUL7+Zv7n8Gz1phKxotYUfMtwsN0bHPtoR1du9eu/zFGftDpWy pRcuPnPQok9sUBnJobLgK0SIfQWscDPrAlLF0bQj+pnnxAQ5M+awjMfK5iBs/SaWHrAw 3/Wb2zmGoJDeKnkhtGv4eCS5oYglxyisbsSZfpEUSe72Cq3kNI7EUJcqKRwSYGtxyiPK imJx5odT4xNTdBCzqzcby2uvh0FgAnpUNGY0zZxvTh2DJidyrugIWdH9tZakjzaWGlnC 5Ylg== X-Gm-Message-State: AOAM530J6LGB5BIL9nOFOOf/P6K9tAyfKrxFTvnE1Pfj36OSPS3u5DwN Spfv1Cpz1d4//MdwbdZjLlY3GuH4SiV6Dw== X-Google-Smtp-Source: ABdhPJwuJlsGbNTS7Kl4szE/s9HUetPRsQSTG3Ucl47rtEBye2RvxD/7i9F5uQjcuM4PGaSNdfmsRw== X-Received: by 2002:aca:b784:: with SMTP id h126mr565203oif.98.1621887799526; Mon, 24 May 2021 13:23:19 -0700 (PDT) Received: from nuclearis3.lan (c-98-195-139-126.hsd1.tx.comcast.net. [98.195.139.126]) by smtp.gmail.com with ESMTPSA id 129sm2994562ooq.34.2021.05.24.13.23.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 May 2021 13:23:19 -0700 (PDT) From: Alexandru Gagniuc To: u-boot@lists.denx.de Cc: sjg@chromium.org, trini@konsulko.com, Alexandru Gagniuc Subject: [PATCH] tools: Use a single target-independent config to enable OpenSSL Date: Mon, 24 May 2021 15:23:17 -0500 Message-Id: <20210524202317.1492578-1-mr.nuke.me@gmail.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de X-Virus-Status: Clean Host tool features, such as mkimage's ability to sign FIT images were enabled or disabled based on the target configuration. However, this misses the point of a target-agnostic host tool. A target's ability to verify FIT signatures is independent of mkimage's ability to create those signatures. In fact, u-boot's build system doesn't sign images. The target code can be successfully built without relying on any ability to sign such code. Conversely, mkimage's ability to sign images does not require that those images will only work on targets which support FIT verification. Linking mkimage cryptographic features to target support for FIT verification is misguided. Without loss of generality, we can say that host features are and should be independent of target features. While we prefer that a host tool always supports the same feature set, we recognize the following - some users prefer to build u-boot without a dependency on OpenSSL. - some distros prefer to ship mkimage without linking to OpenSSL To allow these use cases, introduce a host-only Kconfig which is used to select or deselect libcrypto support. Some mkimage features or some host tools might not be available, but this shouldn't affect the u-boot build. I also considered setting the default of this config based on FIT_SIGNATURE. While it would preserve the old behaviour it's also contrary to the goals of this change. I decided to enable it by default, so that the default build yields the most feature-complete mkimage. Signed-off-by: Alexandru Gagniuc Reviewed-by: Simon Glass --- This patch is designed to apply on top of [PATCH v2 00/18] image: Reduce #ifdef abuse in image code tools/Kconfig | 11 +++++++++++ tools/Makefile | 46 ++++++++++++++++++++++++++++++---------------- 2 files changed, 41 insertions(+), 16 deletions(-) diff --git a/tools/Kconfig b/tools/Kconfig index b2f5012240..214932ae30 100644 --- a/tools/Kconfig +++ b/tools/Kconfig @@ -9,4 +9,15 @@ config MKIMAGE_DTC_PATH some cases the system dtc may not support all required features and the path to a different version should be given here. +config TOOLS_USE_LIBCRYPTO + bool "Use OpenSSL's libcrypto library for host tools" + default y + help + Cryptographic signature, verification, and encryption of images is + provided by host tools using OpenSSL's libcrypto. Select 'n' here if + you wish to build host tools without OpenSSL. mkimage will not have + the ability to sign images. + This selection does not affect target features, such as runtime FIT + signature verification. + endmenu diff --git a/tools/Makefile b/tools/Makefile index 722355e984..1f30a06cce 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -3,6 +3,25 @@ # (C) Copyright 2000-2006 # Wolfgang Denk, DENX Software Engineering, wd@denx.de. +# A note on target vs host configuration: +# +# Host tools can be used across multiple targets, or different configurations +# of the same target. Thus, host tools must be able to handle any combination +# of target configurations. To prevent having different variations of the same +# tool, the tool build options may not depend on target configuration. +# +# Some linux distributions package these utilities as u-boot-tools, and it +# would be unmaintainable to have a different tool variation for each +# arch or configuration. +# +# A couple of simple rules: +# +# 1) Do not use target CONFIG_* options to enable or disable features in host +# tools. Only use the configs from tools/Kconfig +# 2) It's okay to use target configs to disable building specific tools. +# That's as long as the features of those tools aren't modified. +# + # Enable all the config-independent tools ifneq ($(HOST_TOOLS_ALL),) CONFIG_ARCH_KIRKWOOD = y @@ -53,30 +72,30 @@ hostprogs-y += mkenvimage mkenvimage-objs := mkenvimage.o os_support.o lib/crc32.o hostprogs-y += dumpimage mkimage -hostprogs-$(CONFIG_FIT_SIGNATURE) += fit_info fit_check_sign +hostprogs-$(CONFIG_TOOLS_USE_LIBCRYPTO) += fit_info fit_check_sign hostprogs-$(CONFIG_CMD_BOOTEFI_SELFTEST) += file2include FIT_OBJS-$(CONFIG_FIT) := fit_common.o fit_image.o image-host.o common/image-fit.o -FIT_SIG_OBJS-$(CONFIG_FIT_SIGNATURE) := image-sig-host.o common/image-fit-sig.o -FIT_CIPHER_OBJS-$(CONFIG_FIT_CIPHER) := common/image-cipher.o +FIT_SIG_OBJS-$(CONFIG_TOOLS_USE_LIBCRYPTO) := image-sig-host.o common/image-fit-sig.o +FIT_CIPHER_OBJS-$(CONFIG_TOOLS_USE_LIBCRYPTO) := common/image-cipher.o # The following files are synced with upstream DTC. # Use synced versions from scripts/dtc/libfdt/. LIBFDT_OBJS := $(addprefix libfdt/, fdt.o fdt_ro.o fdt_wip.o fdt_sw.o fdt_rw.o \ fdt_strerror.o fdt_empty_tree.o fdt_addresses.o fdt_overlay.o) -RSA_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/rsa/, \ +RSA_OBJS-$(CONFIG_TOOLS_USE_LIBCRYPTO) := $(addprefix lib/rsa/, \ rsa-sign.o rsa-verify.o \ rsa-mod-exp.o) -ECDSA_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/ecdsa/, ecdsa-libcrypto.o) +ECDSA_OBJS-$(CONFIG_TOOLS_USE_LIBCRYPTO) := $(addprefix lib/ecdsa/, ecdsa-libcrypto.o) -AES_OBJS-$(CONFIG_FIT_CIPHER) := $(addprefix lib/aes/, \ +AES_OBJS-$(CONFIG_TOOLS_USE_LIBCRYPTO) := $(addprefix lib/aes/, \ aes-encrypt.o aes-decrypt.o) # Cryptographic helpers that depend on openssl/libcrypto -LIBCRYPTO_OBJS-$(CONFIG_FIT_SIGNATURE) := $(addprefix lib/, \ +LIBCRYPTO_OBJS-$(CONFIG_TOOLS_USE_LIBCRYPTO) := $(addprefix lib/, \ fdt-libcrypto.o) ROCKCHIP_OBS = lib/rc4.o rkcommon.o rkimage.o rksd.o rkspi.o @@ -136,22 +155,17 @@ fit_info-objs := $(dumpimage-mkimage-objs) fit_info.o fit_check_sign-objs := $(dumpimage-mkimage-objs) fit_check_sign.o file2include-objs := file2include.o -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_FIT_SIGNATURE),) +ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_TOOLS_USE_LIBCRYPTO),) # Add CONFIG_MXS into host CFLAGS, so we can check whether or not register # the mxsimage support within tools/mxsimage.c . HOSTCFLAGS_mxsimage.o += -DCONFIG_MXS endif -ifdef CONFIG_FIT_SIGNATURE +ifdef CONFIG_TOOLS_USE_LIBCRYPTO # This affects include/image.h, but including the board config file # is tricky, so manually define this options here. HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE -HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=$(CONFIG_FIT_SIGNATURE_MAX_SIZE) -endif - -ifdef CONFIG_FIT_CIPHER -# This affects include/image.h, but including the board config file -# is tricky, so manually define this options here. +HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER endif @@ -164,7 +178,7 @@ HOSTCFLAGS_kwbimage.o += -DCONFIG_KWB_SECURE endif # MXSImage needs LibSSL -ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_FIT_SIGNATURE)$(CONFIG_FIT_CIPHER),) +ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_USE_LIBCRYPTO),) HOSTCFLAGS_kwbimage.o += \ $(shell pkg-config --cflags libssl libcrypto 2> /dev/null || echo "") HOSTLDLIBS_mkimage += \