From: Michael Olbrich <m.olbrich@pengutronix.de>
To: ptxdist@pengutronix.de
Cc: Alexander Dahl <ada@thorsis.com>
Subject: Re: [ptxdist] [APPLIED] u-boot-tools: Version bump 2020.07 -> 2025.04
Date: Sat, 17 May 2025 00:02:53 +0200 [thread overview]
Message-ID: <20250516220253.221605-1-m.olbrich@pengutronix.de> (raw)
In-Reply-To: <20250513140641.4075870-2-ada@thorsis.com>
Thanks, applied as 0ed30d1e9f2d7270830cd207a1e05c09273997d6.
Michael
[sent from post-receive hook]
On Sat, 17 May 2025 00:02:53 +0200, Alexander Dahl <ada@thorsis.com> wrote:
> Apart from bugfixes this is mostly interesting for mkimage ability to
> image signing. Option -o for specifying the signing algorithm was added
> with v2022.04. Signing 'auto' FITs was added with v2022.10, support for
> signed configurations in 'auto' FIT was added in v2023.04, proper pkcs11
> uri support was added with v2024.01 and fixed with v2024.04, and finally
> ability to auto sign scripts in fit images came with v2024.10.
>
> Note, without the fix to ptxd_make_fit_image we would get a lot of
> warnings like this:
>
> WARNING: Legacy URI specified. Please add 'pkcs11:'.
> WARNING: Legacy URI specified. Please add 'pkcs11:'.
> WARNING: Legacy URI specified. Please add 'pkcs11:'.
>
> Noteworthy changes:
>
> - v2021.10-rc1-59-g62b27a561c2 ("mkimage: use environment variable MKIMAGE_SIGN_PIN to set pin for OpenSSL Engine")
> - v2021.10-730-g6b7b9ff14da ("configs: add mkeficapsule to tools-only_defconfig")
> - v2022.01-705-g5902a397d02 ("mkimage: Allow to specify the signature algorithm on the command line")
> - v2022.01-818-g2d2384bbaff ("tools: mkimage: Show where signatures/keys are written")
> - v2022.04-rc1-326-g9af16cc8f1a ("tools: build mkeficapsule with tools-only_defconfig")
> - v2022.04-rc3-43-g5017f9b595d ("mkimage: error handling for FIT image")
> - v2022.07-rc1-294-gdeb2638aa09 ("mkimage: Document misc options")
> - v2022.07-rc4-74-g87b0af9317c ("mkimage: Support signing 'auto' FITs")
> - v2023.01-892-gb93a65209c4 ("mkimage: fit: Support signed configurations in 'auto' FITs")
> - v2024.01-rc5-560-gece85cc0202 ("rsa: use pkcs11 uri as defined in rfc7512")
> - v2024.01-806-g03e598263e3 ("tools: fix build without LIBCRYPTO support")
> - v2024.01-958-g11ad2bbfa2d ("lib: rsa: Fix PKCS11 URI if one is not given in `keydir`)
> - v2024.01-959-gf055d6e8f0d ("lib: rsa: Allow legacy URI specification without "pkcs11:"")
> - v2024.07-677-g6074f6e8578 ("mkimage: Allow 'auto-conf' signing of scripts")
>
> (zlib license text had one duplicate empty line remove with 2024.10.)
>
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
> Message-Id: <20250513140641.4075870-2-ada@thorsis.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/host-u-boot-tools.in b/rules/host-u-boot-tools.in
> index 55fc9f56e987..0cf37ed6614a 100644
> --- a/rules/host-u-boot-tools.in
> +++ b/rules/host-u-boot-tools.in
> @@ -2,5 +2,6 @@
>
> config HOST_U_BOOT_TOOLS
> tristate
> + select HOST_GNUTLS
> select HOST_OPENSSL
> default y if ALLYES
> diff --git a/rules/u-boot-tools.make b/rules/u-boot-tools.make
> index 597ea5e30075..f71219d884b7 100644
> --- a/rules/u-boot-tools.make
> +++ b/rules/u-boot-tools.make
> @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_U_BOOT_TOOLS) += u-boot-tools
> #
> # Paths and names
> #
> -U_BOOT_TOOLS_VERSION := 2020.07
> -U_BOOT_TOOLS_MD5 := 86e51eeccd15e658ad1df943a0edf622
> +U_BOOT_TOOLS_VERSION := 2025.04
> +U_BOOT_TOOLS_MD5 := da2cd684d4aa6195015fecd3efb1d0f0
> U_BOOT_TOOLS := u-boot-$(U_BOOT_TOOLS_VERSION)
> U_BOOT_TOOLS_SUFFIX := tar.bz2
> U_BOOT_TOOLS_URL := https://ftp.denx.de/pub/u-boot/$(U_BOOT_TOOLS).$(U_BOOT_TOOLS_SUFFIX)
> @@ -25,7 +25,7 @@ U_BOOT_TOOLS_PKGDIR := $(PKGDIR)/u-boot-tools-$(U_BOOT_TOOLS_VERSION)
> U_BOOT_TOOLS_LICENSE := GPL-2.0-or-later AND Zlib
> U_BOOT_TOOLS_LICENSE_FILES := \
> file://Licenses/gpl-2.0.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
> - file://include/u-boot/zlib.h;startline=15;endline=43;md5=7c27ae0384929249664da410d539a1dc
> + file://include/u-boot/zlib.h;startline=15;endline=42;md5=0ce30a522a630f7e637ea6d74422b320
>
> # ----------------------------------------------------------------------------
> # Prepare
> diff --git a/scripts/lib/ptxd_make_fit_image.sh b/scripts/lib/ptxd_make_fit_image.sh
> index 4b99e6fbfec3..ad9e5bdd380a 100644
> --- a/scripts/lib/ptxd_make_fit_image.sh
> +++ b/scripts/lib/ptxd_make_fit_image.sh
> @@ -126,13 +126,6 @@ ptxd_make_image_fit() {
>
> if [ -n "${image_sign_role}" ]; then
> pkcs11_uri=$(cs_get_uri "${image_sign_role}")
> -
> - #
> - # It would have been too simple for mkimage to just take a
> - # PKCS#11 URI. We must drop the "pkcs11:" prefix which U-Boot
> - # then adds again.
> - #
> - pkcs11_uri=$(echo "${pkcs11_uri}" | sed "s/pkcs11://")
> sign_args=( -k "${pkcs11_uri}" )
> fi
>
next prev parent reply other threads:[~2025-05-16 22:03 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-13 14:06 [ptxdist] [PATCH v1 0/2] u-boot: Add verified boot support Alexander Dahl via ptxdist
2025-05-13 14:06 ` [ptxdist] [PATCH v1 1/2] u-boot-tools: Version bump 2020.07 -> 2025.04 Alexander Dahl via ptxdist
2025-05-16 22:02 ` Michael Olbrich [this message]
2025-05-13 14:06 ` [ptxdist] [PATCH v1 2/2] u-boot: Add option to load signed kernel FIT images Alexander Dahl via ptxdist
2025-05-16 22:02 ` [ptxdist] [APPLIED] " Michael Olbrich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250516220253.221605-1-m.olbrich@pengutronix.de \
--to=m.olbrich@pengutronix.de \
--cc=ada@thorsis.com \
--cc=ptxdist@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox