
[1/3] mbedtls: fix incorrect kconfig dependencies on mbedtls

Message ID 20250127151657.648255-1-raymond.mao@linaro.org
State Changes Requested
Delegated to: Tom Rini

Commit Message

Raymond Mao Jan. 27, 2025, 3:16 p.m. UTC
Currently, building with WGET_HTTPS, NET_LWIP and MBEDTLS_LIB fails
due to a few incorrect Kconfig dependencies.
Fix these and clarify the purpose of MBEDTLS_LIB_CRYPTO_ALT.

Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
---
 cmd/Kconfig         | 1 -
 lib/mbedtls/Kconfig | 8 +++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

Comments

Ilias Apalodimas Jan. 31, 2025, 1:39 p.m. UTC | #1
Hi Raymond

On Mon, 27 Jan 2025 at 17:17, Raymond Mao <raymond.mao@linaro.org> wrote:
>
> Currently building with WGET_HTTPS,NET_LWIP and MBEDTLS_LIB failed
> due to a few incorrect kconfig dependencies.
> Fix these and clarify what is the purpose of MBEDTLS_LIB_CRYPTO_ALT.
>
> Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
> ---
>  cmd/Kconfig         | 1 -
>  lib/mbedtls/Kconfig | 8 +++++---
>  2 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/cmd/Kconfig b/cmd/Kconfig
> index 1a0985ca479..071601b5ac2 100644
> --- a/cmd/Kconfig
> +++ b/cmd/Kconfig
> @@ -2161,7 +2161,6 @@ config WGET_HTTPS
>          select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
>          select X509_CERTIFICATE_PARSER
>          select PKCS7_MESSAGE_PARSER
> -       select MBEDTLS_LIB_CRYPTO
>         select MBEDTLS_LIB_TLS
>         select RSA_VERIFY_WITH_PKEY
>         select X509_CERTIFICATE_PARSER
> diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
> index aa82336ef14..17ed2bc71de 100644
> --- a/lib/mbedtls/Kconfig
> +++ b/lib/mbedtls/Kconfig
> @@ -116,6 +116,7 @@ endif # LEGACY_CRYPTO_BASIC
>
>  config LEGACY_CRYPTO_CERT
>         bool "legacy certificate libraries"
> +       depends on LEGACY_CRYPTO
>         select ASN1_DECODER_LEGACY if ASN1_DECODER
>         select ASYMMETRIC_PUBLIC_KEY_LEGACY if \
>                 ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> @@ -210,12 +211,13 @@ endif # LEGACY_CRYPTO
>  if MBEDTLS_LIB
>
>  config MBEDTLS_LIB_CRYPTO_ALT
> -       bool "MbedTLS crypto alternatives"
> +       bool "Use legacy crypto libraries as MbedTLS alternatives"
>         depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
>         select LEGACY_CRYPTO_BASIC
>         default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
>         help
> -         Enable MbedTLS crypto alternatives.
> +         Enable MbedTLS crypto alternatives and replace it with legacy crypto
> +         libraries.

This isn't too clear for someone that hasn't been involved with mbedTLS.
Isn't that enabling U-Boot's hashing algorithms instead of the mbedTLS ones?

Thanks
/Ilias
>           Mutually incompatible with MBEDTLS_LIB_CRYPTO.
>
>  config MBEDTLS_LIB_CRYPTO
> @@ -451,7 +453,7 @@ config MBEDTLS_LIB_TLS
>         depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
>         depends on ASN1_DECODER_MBEDTLS
>         depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
> -       depends on MBEDTLS_LIB_CRYPTO
> +       depends on MBEDTLS_LIB
>         help
>           Enable MbedTLS TLS library. Required for HTTPs support
>           in wget
> --
> 2.25.1
>
Raymond Mao Jan. 31, 2025, 2:38 p.m. UTC | #2
Hi Ilias,

On Fri, 31 Jan 2025 at 08:40, Ilias Apalodimas
<ilias.apalodimas@linaro.org> wrote:
>
> Hi Raymond
>
> On Mon, 27 Jan 2025 at 17:17, Raymond Mao <raymond.mao@linaro.org> wrote:
> >
> > Currently building with WGET_HTTPS,NET_LWIP and MBEDTLS_LIB failed
> > due to a few incorrect kconfig dependencies.
> > Fix these and clarify what is the purpose of MBEDTLS_LIB_CRYPTO_ALT.
> >
> > Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
> > ---
> >  cmd/Kconfig         | 1 -
> >  lib/mbedtls/Kconfig | 8 +++++---
> >  2 files changed, 5 insertions(+), 4 deletions(-)
> >
> > diff --git a/cmd/Kconfig b/cmd/Kconfig
> > index 1a0985ca479..071601b5ac2 100644
> > --- a/cmd/Kconfig
> > +++ b/cmd/Kconfig
> > @@ -2161,7 +2161,6 @@ config WGET_HTTPS
> >          select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> >          select X509_CERTIFICATE_PARSER
> >          select PKCS7_MESSAGE_PARSER
> > -       select MBEDTLS_LIB_CRYPTO
> >         select MBEDTLS_LIB_TLS
> >         select RSA_VERIFY_WITH_PKEY
> >         select X509_CERTIFICATE_PARSER
> > diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
> > index aa82336ef14..17ed2bc71de 100644
> > --- a/lib/mbedtls/Kconfig
> > +++ b/lib/mbedtls/Kconfig
> > @@ -116,6 +116,7 @@ endif # LEGACY_CRYPTO_BASIC
> >
> >  config LEGACY_CRYPTO_CERT
> >         bool "legacy certificate libraries"
> > +       depends on LEGACY_CRYPTO
> >         select ASN1_DECODER_LEGACY if ASN1_DECODER
> >         select ASYMMETRIC_PUBLIC_KEY_LEGACY if \
> >                 ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> > @@ -210,12 +211,13 @@ endif # LEGACY_CRYPTO
> >  if MBEDTLS_LIB
> >
> >  config MBEDTLS_LIB_CRYPTO_ALT
> > -       bool "MbedTLS crypto alternatives"
> > +       bool "Use legacy crypto libraries as MbedTLS alternatives"
> >         depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
> >         select LEGACY_CRYPTO_BASIC
> >         default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
> >         help
> > -         Enable MbedTLS crypto alternatives.
> > +         Enable MbedTLS crypto alternatives and replace it with legacy crypto
> > +         libraries.
>
> This isn't too clear for someone that hasn't been involved with mbedTLS.
> Isn't that enabling U-Boot's hashing algorithms instead of the mbedTLS ones?
>

Yes, currently only hashing is replaced by U-Boot's legacy crypto
when MBEDTLS_LIB_CRYPTO_ALT is selected.
But mbedtls provides more "alternative" options than just hashing.
I kept the name "_CRYPTO_ALT" so that we can extend its use
beyond hashing in the future.

Regards,
Raymond


> Thanks
> /Ilias
> >           Mutually incompatible with MBEDTLS_LIB_CRYPTO.
> >
> >  config MBEDTLS_LIB_CRYPTO
> > @@ -451,7 +453,7 @@ config MBEDTLS_LIB_TLS
> >         depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
> >         depends on ASN1_DECODER_MBEDTLS
> >         depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
> > -       depends on MBEDTLS_LIB_CRYPTO
> > +       depends on MBEDTLS_LIB
> >         help
> >           Enable MbedTLS TLS library. Required for HTTPs support
> >           in wget
> > --
> > 2.25.1
> >
Raymond Mao Feb. 26, 2025, 3:23 p.m. UTC | #3
Hi Tom,

Would it be possible to merge this series for the upcoming release?
This series includes the hotfix for the build failures when
WGET_HTTPS, NET_LWIP and MBEDTLS_LIB are selected.
But it is rebased on one of Simon's patches:
'[PATCH 01/19] mbedtls: Add SHA symbols for VPL'
https://lore.kernel.org/u-boot/20250126184333.4058848-2-sjg@chromium.org/

Thanks regards,
Raymond

On Fri, 31 Jan 2025 at 09:38, Raymond Mao <raymond.mao@linaro.org> wrote:
>
> Hi Ilias,
>
> On Fri, 31 Jan 2025 at 08:40, Ilias Apalodimas
> <ilias.apalodimas@linaro.org> wrote:
> >
> > Hi Raymond
> >
> > On Mon, 27 Jan 2025 at 17:17, Raymond Mao <raymond.mao@linaro.org> wrote:
> > >
> > > Currently building with WGET_HTTPS,NET_LWIP and MBEDTLS_LIB failed
> > > due to a few incorrect kconfig dependencies.
> > > Fix these and clarify what is the purpose of MBEDTLS_LIB_CRYPTO_ALT.
> > >
> > > Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
> > > ---
> > >  cmd/Kconfig         | 1 -
> > >  lib/mbedtls/Kconfig | 8 +++++---
> > >  2 files changed, 5 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/cmd/Kconfig b/cmd/Kconfig
> > > index 1a0985ca479..071601b5ac2 100644
> > > --- a/cmd/Kconfig
> > > +++ b/cmd/Kconfig
> > > @@ -2161,7 +2161,6 @@ config WGET_HTTPS
> > >          select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> > >          select X509_CERTIFICATE_PARSER
> > >          select PKCS7_MESSAGE_PARSER
> > > -       select MBEDTLS_LIB_CRYPTO
> > >         select MBEDTLS_LIB_TLS
> > >         select RSA_VERIFY_WITH_PKEY
> > >         select X509_CERTIFICATE_PARSER
> > > diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
> > > index aa82336ef14..17ed2bc71de 100644
> > > --- a/lib/mbedtls/Kconfig
> > > +++ b/lib/mbedtls/Kconfig
> > > @@ -116,6 +116,7 @@ endif # LEGACY_CRYPTO_BASIC
> > >
> > >  config LEGACY_CRYPTO_CERT
> > >         bool "legacy certificate libraries"
> > > +       depends on LEGACY_CRYPTO
> > >         select ASN1_DECODER_LEGACY if ASN1_DECODER
> > >         select ASYMMETRIC_PUBLIC_KEY_LEGACY if \
> > >                 ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> > > @@ -210,12 +211,13 @@ endif # LEGACY_CRYPTO
> > >  if MBEDTLS_LIB
> > >
> > >  config MBEDTLS_LIB_CRYPTO_ALT
> > > -       bool "MbedTLS crypto alternatives"
> > > +       bool "Use legacy crypto libraries as MbedTLS alternatives"
> > >         depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
> > >         select LEGACY_CRYPTO_BASIC
> > >         default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
> > >         help
> > > -         Enable MbedTLS crypto alternatives.
> > > +         Enable MbedTLS crypto alternatives and replace it with legacy crypto
> > > +         libraries.
> >
> > This isn't too clear for someone that hasn't been involved with mbedTLS.
> > Isn't that enabling U-Boot's hashing algorithms instead of the mbedTLS ones?
> >
>
> Yes, currently only hashing will be replaced by U-Boot legacy crypto
> when MBEDTLS_LIB_CRYPTO_ALT is selected.
> But mbedtls provides more "alternatives" options than hashing.
> The reason I keep it named as "_CRYPTO_ALT" is to allow us to extend
> the usage other than hashing in the future.
>
> Regards,
> Raymond
>
>
> > Thanks
> > /Ilias
> > >           Mutually incompatible with MBEDTLS_LIB_CRYPTO.
> > >
> > >  config MBEDTLS_LIB_CRYPTO
> > > @@ -451,7 +453,7 @@ config MBEDTLS_LIB_TLS
> > >         depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
> > >         depends on ASN1_DECODER_MBEDTLS
> > >         depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
> > > -       depends on MBEDTLS_LIB_CRYPTO
> > > +       depends on MBEDTLS_LIB
> > >         help
> > >           Enable MbedTLS TLS library. Required for HTTPs support
> > >           in wget
> > > --
> > > 2.25.1
> > >
Raymond Mao Feb. 26, 2025, 3:26 p.m. UTC | #4
Sorry, please ignore my previous email. We should merge [v2].

On Wed, 26 Feb 2025 at 10:23, Raymond Mao <raymond.mao@linaro.org> wrote:
>
> Hi Tom,
>
> Is it able to merge this series for the upcoming release?
> This series includes the hotfix for the building failures when
> WGET_HTTPS,NET_LWIP and MBEDTLS_LIB are selected.
> But it is rebased on one of Simon's patch:
> '[PATCH 01/19] mbedtls: Add SHA symbols for VPL'
> https://lore.kernel.org/u-boot/20250126184333.4058848-2-sjg@chromium.org/
>
> Thanks regards,
> Raymond
>
> On Fri, 31 Jan 2025 at 09:38, Raymond Mao <raymond.mao@linaro.org> wrote:
> >
> > Hi Ilias,
> >
> > On Fri, 31 Jan 2025 at 08:40, Ilias Apalodimas
> > <ilias.apalodimas@linaro.org> wrote:
> > >
> > > Hi Raymond
> > >
> > > On Mon, 27 Jan 2025 at 17:17, Raymond Mao <raymond.mao@linaro.org> wrote:
> > > >
> > > > Currently building with WGET_HTTPS,NET_LWIP and MBEDTLS_LIB failed
> > > > due to a few incorrect kconfig dependencies.
> > > > Fix these and clarify what is the purpose of MBEDTLS_LIB_CRYPTO_ALT.
> > > >
> > > > Signed-off-by: Raymond Mao <raymond.mao@linaro.org>
> > > > ---
> > > >  cmd/Kconfig         | 1 -
> > > >  lib/mbedtls/Kconfig | 8 +++++---
> > > >  2 files changed, 5 insertions(+), 4 deletions(-)
> > > >
> > > > diff --git a/cmd/Kconfig b/cmd/Kconfig
> > > > index 1a0985ca479..071601b5ac2 100644
> > > > --- a/cmd/Kconfig
> > > > +++ b/cmd/Kconfig
> > > > @@ -2161,7 +2161,6 @@ config WGET_HTTPS
> > > >          select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> > > >          select X509_CERTIFICATE_PARSER
> > > >          select PKCS7_MESSAGE_PARSER
> > > > -       select MBEDTLS_LIB_CRYPTO
> > > >         select MBEDTLS_LIB_TLS
> > > >         select RSA_VERIFY_WITH_PKEY
> > > >         select X509_CERTIFICATE_PARSER
> > > > diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
> > > > index aa82336ef14..17ed2bc71de 100644
> > > > --- a/lib/mbedtls/Kconfig
> > > > +++ b/lib/mbedtls/Kconfig
> > > > @@ -116,6 +116,7 @@ endif # LEGACY_CRYPTO_BASIC
> > > >
> > > >  config LEGACY_CRYPTO_CERT
> > > >         bool "legacy certificate libraries"
> > > > +       depends on LEGACY_CRYPTO
> > > >         select ASN1_DECODER_LEGACY if ASN1_DECODER
> > > >         select ASYMMETRIC_PUBLIC_KEY_LEGACY if \
> > > >                 ASYMMETRIC_PUBLIC_KEY_SUBTYPE
> > > > @@ -210,12 +211,13 @@ endif # LEGACY_CRYPTO
> > > >  if MBEDTLS_LIB
> > > >
> > > >  config MBEDTLS_LIB_CRYPTO_ALT
> > > > -       bool "MbedTLS crypto alternatives"
> > > > +       bool "Use legacy crypto libraries as MbedTLS alternatives"
> > > >         depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
> > > >         select LEGACY_CRYPTO_BASIC
> > > >         default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
> > > >         help
> > > > -         Enable MbedTLS crypto alternatives.
> > > > +         Enable MbedTLS crypto alternatives and replace it with legacy crypto
> > > > +         libraries.
> > >
> > > This isn't too clear for someone that hasn't been involved with mbedTLS.
> > > Isn't that enabling U-Boot's hashing algorithms instead of the mbedTLS ones?
> > >
> >
> > Yes, currently only hashing will be replaced by U-Boot legacy crypto
> > when MBEDTLS_LIB_CRYPTO_ALT is selected.
> > But mbedtls provides more "alternatives" options than hashing.
> > The reason I keep it named as "_CRYPTO_ALT" is to allow us to extend
> > the usage other than hashing in the future.
> >
> > Regards,
> > Raymond
> >
> >
> > > Thanks
> > > /Ilias
> > > >           Mutually incompatible with MBEDTLS_LIB_CRYPTO.
> > > >
> > > >  config MBEDTLS_LIB_CRYPTO
> > > > @@ -451,7 +453,7 @@ config MBEDTLS_LIB_TLS
> > > >         depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
> > > >         depends on ASN1_DECODER_MBEDTLS
> > > >         depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
> > > > -       depends on MBEDTLS_LIB_CRYPTO
> > > > +       depends on MBEDTLS_LIB
> > > >         help
> > > >           Enable MbedTLS TLS library. Required for HTTPs support
> > > >           in wget
> > > > --
> > > > 2.25.1
> > > >

Patch

diff --git a/cmd/Kconfig b/cmd/Kconfig
index 1a0985ca479..071601b5ac2 100644
--- a/cmd/Kconfig
+++ b/cmd/Kconfig
@@ -2161,7 +2161,6 @@  config WGET_HTTPS
         select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
         select X509_CERTIFICATE_PARSER
         select PKCS7_MESSAGE_PARSER
-	select MBEDTLS_LIB_CRYPTO
 	select MBEDTLS_LIB_TLS
 	select RSA_VERIFY_WITH_PKEY
 	select X509_CERTIFICATE_PARSER
diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
index aa82336ef14..17ed2bc71de 100644
--- a/lib/mbedtls/Kconfig
+++ b/lib/mbedtls/Kconfig
@@ -116,6 +116,7 @@  endif # LEGACY_CRYPTO_BASIC
 
 config LEGACY_CRYPTO_CERT
 	bool "legacy certificate libraries"
+	depends on LEGACY_CRYPTO
 	select ASN1_DECODER_LEGACY if ASN1_DECODER
 	select ASYMMETRIC_PUBLIC_KEY_LEGACY if \
 		ASYMMETRIC_PUBLIC_KEY_SUBTYPE
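Review bot: The added `depends on LEGACY_CRYPTO` carries no comment, and the commit message does not say which broken configuration it closes. The next hunk's header shows an `endif # LEGACY_CRYPTO` further down, so this symbol may already sit inside a conditional block; if that block's condition is wider than LEGACY_CRYPTO, the new line changes which builds can pick the legacy ASN.1 and public-key code, which matters to anyone auditing which parser handles certificates. A one-line comment above it, for example `# Legacy certificate parsers are offered only when LEGACY_CRYPTO is chosen`, would record the intent. The LEGACY_CRYPTO_CERT entry continues past the end of this hunk.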
@@ -210,12 +211,13 @@  endif # LEGACY_CRYPTO
 if MBEDTLS_LIB
 
 config MBEDTLS_LIB_CRYPTO_ALT
-	bool "MbedTLS crypto alternatives"
+	bool "Use legacy crypto libraries as MbedTLS alternatives"
 	depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
 	select LEGACY_CRYPTO_BASIC
 	default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
 	help
-	  Enable MbedTLS crypto alternatives.
+	  Enable MbedTLS crypto alternatives and replace it with legacy crypto
+	  libraries.
 	  Mutually incompatible with MBEDTLS_LIB_CRYPTO.
 
 config MBEDTLS_LIB_CRYPTO
@@ -451,7 +453,7 @@  config MBEDTLS_LIB_TLS
 	depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
 	depends on ASN1_DECODER_MBEDTLS
 	depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
-	depends on MBEDTLS_LIB_CRYPTO
+	depends on MBEDTLS_LIB
 	help
 	  Enable MbedTLS TLS library. Required for HTTPs support
 	  in wget
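Review bot: The new `depends on MBEDTLS_LIB` is not enforced on the WGET_HTTPS path, because cmd/Kconfig reaches this symbol with `select MBEDTLS_LIB_TLS` and `select` does not honour the target's `depends on` lines. Whether WGET_HTTPS itself has `depends on MBEDTLS_LIB` is outside the visible hunks and should be confirmed; without it Kconfig only warns about unmet direct dependencies instead of blocking the configuration. With `select MBEDTLS_LIB_CRYPTO` dropped in the cmd/Kconfig hunk, MBEDTLS_LIB_TLS can now be built on MBEDTLS_LIB_CRYPTO_ALT, so the help text should say where TLS gets its digests, e.g. `Hashing comes from MBEDTLS_LIB_CRYPTO or, with MBEDTLS_LIB_CRYPTO_ALT, from the legacy U-Boot code.` The context lines also repeat `depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS`, which could be dropped while the block is being touched. The MBEDTLS_LIB_TLS entry starts before this hunk.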