From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Tue, 13 May 2025 16:07:10 +0200
Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104])
	by lore.white.stw.pengutronix.de with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <ptxdist-bounces+lore=lore.pengutronix.de@pengutronix.de>)
	id 1uEqHm-005BAJ-2L
	for lore@lore.pengutronix.de;
	Tue, 13 May 2025 16:07:10 +0200
Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de)
	by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92)
	(envelope-from <ptxdist-bounces@pengutronix.de>)
	id 1uEqHm-0003lF-HL; Tue, 13 May 2025 16:07:10 +0200
Received: from mail.thorsis.com ([217.92.40.78])
 by metis.whiteo.stw.pengutronix.de with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92)
 (envelope-from <ada@thorsis.com>) id 1uEqHP-0003ZW-PE
 for ptxdist@pengutronix.de; Tue, 13 May 2025 16:06:48 +0200
Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon)
 with ESMTPSA id 0A7EF148A8C7
 for <ptxdist@pengutronix.de>; Tue, 13 May 2025 16:06:47 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=thorsis.com; s=dkim;
 t=1747145207; h=from:subject:date:message-id:to:mime-version:
 content-transfer-encoding:in-reply-to:references;
 bh=eNNmtmL+v6sAgzxCVc5bXSCe0/2MjaVgBfUOWNc39qI=;
 b=i/6oiBrtu0rwpYCngIVEvRpESynyyKaBMlfUXE1pAWAHhfFLjUfrbQxULGktRbTExxPZ6x
 XKsjXAGJ2FtObGNbTh91OH4rOL5BVwdid0K4m1YhPI8TgI9XQAII8mB3O8dBUjEIhKb/2L
 3AogDZNVPBwWkMBMQF1/h6nFOqCyd7QvO5PqEwvKY0Z1czzB6CSjqNnUJL32+S2QI/v9dB
 RXsmmwsS45+9cRlRpMzD5SpNMpH9l1C60DGN8zwV/1SHJ4ptlghfOo1Kh+/+aXKXQMtt0v
 Vjv1wSAqkMZN/FrdMNc/KkCUmtG+I1S7YamyIHrgjTptJHWQSkaW4oyzxTEVbg==
To: ptxdist@pengutronix.de
Date: Tue, 13 May 2025 16:06:40 +0200
Message-Id: <20250513140641.4075870-2-ada@thorsis.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250513140641.4075870-1-ada@thorsis.com>
References: <20250513140641.4075870-1-ada@thorsis.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Last-TLS-Session-Version: TLSv1.3
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 metis.whiteo.stw.pengutronix.de
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED,
 SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.2
Subject: [ptxdist] [PATCH v1 1/2] u-boot-tools: Version bump 2020.07 ->
 2025.04
X-BeenThere: ptxdist@pengutronix.de
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <https://metis.pengutronix.de/mailman/options/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <https://metis.pengutronix.de/mailman/private/ptxdist/>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <https://metis.pengutronix.de/mailman/listinfo/ptxdist>,
 <mailto:ptxdist-request@pengutronix.de?subject=subscribe>
From: Alexander Dahl via ptxdist <ptxdist@pengutronix.de>
Reply-To: ptxdist@pengutronix.de
Cc: Alexander Dahl <ada@thorsis.com>
Sender: "ptxdist" <ptxdist-bounces@pengutronix.de>
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de
X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false

Apart from bugfixes this is mostly interesting for mkimage ability to
image signing.  Option -o for specifying the signing algorithm was added
with v2022.04.  Signing 'auto' FITs was added with v2022.10, support for
signed configurations in 'auto' FIT was added in v2023.04, proper pkcs11
uri support was added with v2024.01 and fixed with v2024.04, and finally
ability to auto sign scripts in fit images came with v2024.10.

Note, without the fix to ptxd_make_fit_image we would get a lot of
warnings like this:

    WARNING: Legacy URI specified. Please add 'pkcs11:'.
    WARNING: Legacy URI specified. Please add 'pkcs11:'.
    WARNING: Legacy URI specified. Please add 'pkcs11:'.

Noteworthy changes:

- v2021.10-rc1-59-g62b27a561c2 ("mkimage: use environment variable MKIMAGE_SIGN_PIN to set pin for OpenSSL Engine")
- v2021.10-730-g6b7b9ff14da ("configs: add mkeficapsule to tools-only_defconfig")
- v2022.01-705-g5902a397d02 ("mkimage: Allow to specify the signature algorithm on the command line")
- v2022.01-818-g2d2384bbaff ("tools: mkimage: Show where signatures/keys are written")
- v2022.04-rc1-326-g9af16cc8f1a ("tools: build mkeficapsule with tools-only_defconfig")
- v2022.04-rc3-43-g5017f9b595d ("mkimage: error handling for FIT image")
- v2022.07-rc1-294-gdeb2638aa09 ("mkimage: Document misc options")
- v2022.07-rc4-74-g87b0af9317c ("mkimage: Support signing 'auto' FITs")
- v2023.01-892-gb93a65209c4 ("mkimage: fit: Support signed configurations in 'auto' FITs")
- v2024.01-rc5-560-gece85cc0202 ("rsa: use pkcs11 uri as defined in rfc7512")
- v2024.01-806-g03e598263e3 ("tools: fix build without LIBCRYPTO support")
- v2024.01-958-g11ad2bbfa2d ("lib: rsa: Fix PKCS11 URI if one is not given in `keydir`)
- v2024.01-959-gf055d6e8f0d ("lib: rsa: Allow legacy URI specification without "pkcs11:"")
- v2024.07-677-g6074f6e8578 ("mkimage: Allow 'auto-conf' signing of scripts")

(zlib license text had one duplicate empty line remove with 2024.10.)

Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 rules/host-u-boot-tools.in         | 1 +
 rules/u-boot-tools.make            | 6 +++---
 scripts/lib/ptxd_make_fit_image.sh | 7 -------
 3 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/rules/host-u-boot-tools.in b/rules/host-u-boot-tools.in
index 55fc9f56e..0cf37ed66 100644
--- a/rules/host-u-boot-tools.in
+++ b/rules/host-u-boot-tools.in
@@ -2,5 +2,6 @@
 
 config HOST_U_BOOT_TOOLS
 	tristate
+	select HOST_GNUTLS
 	select HOST_OPENSSL
 	default y if ALLYES
diff --git a/rules/u-boot-tools.make b/rules/u-boot-tools.make
index 597ea5e30..f71219d88 100644
--- a/rules/u-boot-tools.make
+++ b/rules/u-boot-tools.make
@@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_U_BOOT_TOOLS) += u-boot-tools
 #
 # Paths and names
 #
-U_BOOT_TOOLS_VERSION	:= 2020.07
-U_BOOT_TOOLS_MD5	:= 86e51eeccd15e658ad1df943a0edf622
+U_BOOT_TOOLS_VERSION	:= 2025.04
+U_BOOT_TOOLS_MD5	:= da2cd684d4aa6195015fecd3efb1d0f0
 U_BOOT_TOOLS		:= u-boot-$(U_BOOT_TOOLS_VERSION)
 U_BOOT_TOOLS_SUFFIX	:= tar.bz2
 U_BOOT_TOOLS_URL	:= https://ftp.denx.de/pub/u-boot/$(U_BOOT_TOOLS).$(U_BOOT_TOOLS_SUFFIX)
@@ -25,7 +25,7 @@ U_BOOT_TOOLS_PKGDIR	:= $(PKGDIR)/u-boot-tools-$(U_BOOT_TOOLS_VERSION)
 U_BOOT_TOOLS_LICENSE	:= GPL-2.0-or-later AND Zlib
 U_BOOT_TOOLS_LICENSE_FILES := \
 	file://Licenses/gpl-2.0.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-	file://include/u-boot/zlib.h;startline=15;endline=43;md5=7c27ae0384929249664da410d539a1dc
+	file://include/u-boot/zlib.h;startline=15;endline=42;md5=0ce30a522a630f7e637ea6d74422b320
 
 # ----------------------------------------------------------------------------
 # Prepare
diff --git a/scripts/lib/ptxd_make_fit_image.sh b/scripts/lib/ptxd_make_fit_image.sh
index 4b99e6fbf..ad9e5bdd3 100644
--- a/scripts/lib/ptxd_make_fit_image.sh
+++ b/scripts/lib/ptxd_make_fit_image.sh
@@ -126,13 +126,6 @@ ptxd_make_image_fit() {
 
     if [ -n "${image_sign_role}" ]; then
 	pkcs11_uri=$(cs_get_uri "${image_sign_role}")
-
-	#
-	# It would have been too simple for mkimage to just take a
-	# PKCS#11 URI. We must drop the "pkcs11:" prefix which U-Boot
-	# then adds again.
-	#
-	pkcs11_uri=$(echo "${pkcs11_uri}" | sed "s/pkcs11://")
 	sign_args=( -k "${pkcs11_uri}" )
     fi
 
-- 
2.39.5