unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
blob 9201f9a51de3a6a75ad34dbfe7ddb02be0351b22 4041 bytes (raw)
name: packages/patches/u-boot-allow-disabling-openssl.patch 	 # note: path name is non-authoritative(*)

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
 
From: Vagrant Cascadian <vagrant@debian.org>
Date: Fri, 22 Oct 2021 17:34:53 -0700
Subject: [PATCH] Revert "tools: kwbimage: Do not hide usage of secure header
 under CONFIG_ARMADA_38X"

This reverts commit b4f3cc2c42d97967a3a3c8796c340f6b07ecccac.

Addendum 2022-12-08, Ricardo Wurmus: This patch has been updated to introduce
CONFIG_FIT_PRELOAD to remove fit_pre_load_data, which depends on openssl.

Addendum 2024-01-18, Herman Rimm: Patch updated to leave out upstreamed
diffs with CONFIG_FIT_PRELOAD.

diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 4dce495ff0..976174ae77 100644
--- a/tools/kwbimage.c
+++ b/tools/kwbimage.c
@@ -19,6 +19,7 @@
 #include <stdint.h>
 #include "kwbimage.h"
 
+#ifdef CONFIG_KWB_SECURE
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/pem.h>
@@ -44,6 +45,7 @@ void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
 	EVP_MD_CTX_reset(ctx);
 }
 #endif
+#endif
 
 /* fls - find last (most-significant) bit set in 4-bit integer */
 static inline int fls4(int num)
@@ -62,7 +64,9 @@ static inline int fls4(int num)
 
 static struct image_cfg_element *image_cfg;
 static int cfgn;
+#ifdef CONFIG_KWB_SECURE
 static int verbose_mode;
+#endif
 
 struct boot_mode {
 	unsigned int id;
@@ -281,6 +285,8 @@ image_count_options(unsigned int optiontype)
 	return count;
 }
 
+#if defined(CONFIG_KWB_SECURE)
+
 static int image_get_csk_index(void)
 {
 	struct image_cfg_element *e;
@@ -291,6 +297,7 @@ static int image_get_csk_index(void)
 
 	return e->csk_idx;
 }
+#endif
 
 static bool image_get_spezialized_img(void)
 {
@@ -435,6 +442,7 @@ static uint8_t baudrate_to_option(unsigned int baudrate)
 	}
 }
 
+#if defined(CONFIG_KWB_SECURE)
 static void kwb_msg(const char *fmt, ...)
 {
 	if (verbose_mode) {
@@ -929,6 +937,7 @@ static int kwb_dump_fuse_cmds(struct secure_hdr_v1 *sec_hdr)
 done:
 	return ret;
 }
+#endif
 
 static int image_fill_xip_header(void *image, struct image_tool_params *params)
 {
@@ -1149,13 +1158,13 @@ static size_t image_headersz_v1(int *hasext)
 	int ret;
 
 	headersz = sizeof(struct main_hdr_v1);
-
+#if defined(CONFIG_KWB_SECURE)
 	if (image_get_csk_index() >= 0) {
 		headersz += sizeof(struct secure_hdr_v1);
 		if (hasext)
 			*hasext = 1;
 	}
-
+#endif
 	cpu_sheeva = image_is_cpu_sheeva();
 
 	count = 0;
@@ -1351,6 +1360,7 @@ err_close:
 	return -1;
 }
 
+#if defined(CONFIG_KWB_SECURE)
 static int export_pub_kak_hash(RSA *kak, struct secure_hdr_v1 *secure_hdr)
 {
 	FILE *hashf;
@@ -1458,6 +1468,7 @@ static int add_secure_header_v1(struct image_tool_params *params, uint8_t *image
 
 	return 0;
 }
+#endif
 
 static void finish_register_set_header_v1(uint8_t **cur, uint8_t **next_ext,
 					  struct register_set_hdr_v1 *register_set_hdr,
@@ -1481,7 +1492,9 @@ static void *image_create_v1(size_t *dataoff, struct image_tool_params *params,
 	struct image_cfg_element *e;
 	struct main_hdr_v1 *main_hdr;
 	struct register_set_hdr_v1 *register_set_hdr;
+#if defined(CONFIG_KWB_SECURE)
 	struct secure_hdr_v1 *secure_hdr = NULL;
+#endif
 	size_t headersz;
 	uint8_t *image, *cur;
 	int hasext = 0;
@@ -1562,7 +1575,7 @@ static void *image_create_v1(size_t *dataoff, struct image_tool_params *params,
 		}
 		*dataoff = le32_to_cpu(main_hdr->srcaddr);
 	}
-
+#if defined(CONFIG_KWB_SECURE)
 	if (image_get_csk_index() >= 0) {
 		/*
 		 * only reserve the space here; we fill the header later since
@@ -1573,7 +1586,7 @@ static void *image_create_v1(size_t *dataoff, struct image_tool_params *params,
 		*next_ext = 1;
 		next_ext = &secure_hdr->next;
 	}
-
+#endif
 	datai = 0;
 	for (cfgi = 0; cfgi < cfgn; cfgi++) {
 		e = &image_cfg[cfgi];
@@ -1624,9 +1637,11 @@ static void *image_create_v1(size_t *dataoff, struct image_tool_params *params,
 					      &datai, delay);
 	}
 
+#if defined(CONFIG_KWB_SECURE)
 	if (secure_hdr && add_secure_header_v1(params, ptr + *dataoff, payloadsz,
 					       image, headersz, secure_hdr))
 		return NULL;
+#endif
 
 	/* Calculate and set the header checksum */
 	main_hdr->checksum = image_checksum8(main_hdr, headersz);

debug log:

solving 9201f9a51de3a6a75ad34dbfe7ddb02be0351b22 ...
found 9201f9a51de3a6a75ad34dbfe7ddb02be0351b22 in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).