[v6,1/3] lib: fix build error for secure boot and capsule authentication

Message ID 20210513071831.9969-2-masahisa.kojima@linaro.org
State New
Headers show
Series
  • PE/COFF measurement support
Related show

Commit Message

Masahisa Kojima May 13, 2021, 7:18 a.m.
Build error occurs when CONFIG_EFI_SECURE_BOOT or
CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,
because hash-checksum.c is not compiled.

This commit adds hash-checksum.c as a compilation target
if CONFIG_EFI_SECURE_BOOT or CONFIG_EFI_CAPSULE_AUTHENTICATE
is enabled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

---

Changes in v6:
- update lib/Makefile to compile hash-checksum.c, instead of
  selecting FIT_SIGNATURE in secure boot and capsule authentication.

Changes in v5:
- Missing option for EFI_TCG2_PROTOROL already added in different commit.
  This commit adds FIT_SIGNATURE only.

Changes in v4:
- newly added in this patch series, due to rebasing
  the base code.

 lib/Makefile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

-- 
2.17.1

Comments

AKASHI Takahiro May 13, 2021, 7:52 a.m. | #1
On Thu, May 13, 2021 at 04:18:29PM +0900, Masahisa Kojima wrote:
> Build error occurs when CONFIG_EFI_SECURE_BOOT or

> CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,

> because hash-checksum.c is not compiled.

> 

> This commit adds hash-checksum.c as a compilation target

> if CONFIG_EFI_SECURE_BOOT or CONFIG_EFI_CAPSULE_AUTHENTICATE

> is enabled.

> 

> Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

> ---

> 

> Changes in v6:

> - update lib/Makefile to compile hash-checksum.c, instead of

>   selecting FIT_SIGNATURE in secure boot and capsule authentication.

> 

> Changes in v5:

> - Missing option for EFI_TCG2_PROTOROL already added in different commit.

>   This commit adds FIT_SIGNATURE only.

> 

> Changes in v4:

> - newly added in this patch series, due to rebasing

>   the base code.

> 

>  lib/Makefile | 5 ++++-

>  1 file changed, 4 insertions(+), 1 deletion(-)

> 

> diff --git a/lib/Makefile b/lib/Makefile

> index 6825671955..bd022dd5d3 100644

> --- a/lib/Makefile

> +++ b/lib/Makefile

> @@ -61,7 +61,10 @@ endif

>  obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/

>  obj-$(CONFIG_$(SPL_)MD5) += md5.o

>  obj-$(CONFIG_$(SPL_)RSA) += rsa/

> -obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o

> +ifneq (,$(filter y,$(CONFIG_FIT_SIGNATURE)$(CONFIG_EFI_SECURE_BOOT)\

> +$(CONFIG_EFI_CAPSULE_AUTHENTICATE)))

> +obj-y += hash-checksum.o

> +endif


Why not create a new kconfig option here?
There is a good reason to do so if there are more than one users.

Otherwise, every new user of hash_calculate() needs
to modify generic Makefile.


-Takahiro Akashi


>  obj-$(CONFIG_SHA1) += sha1.o

>  obj-$(CONFIG_SHA256) += sha256.o

>  obj-$(CONFIG_SHA512_ALGO) += sha512.o

> -- 

> 2.17.1

>
Masahisa Kojima May 13, 2021, 1:51 p.m. | #2
On Thu, 13 May 2021 at 16:52, Takahiro Akashi
<takahiro.akashi@linaro.org> wrote:
>

> On Thu, May 13, 2021 at 04:18:29PM +0900, Masahisa Kojima wrote:

> > Build error occurs when CONFIG_EFI_SECURE_BOOT or

> > CONFIG_EFI_CAPSULE_AUTHENTICATE is enabled,

> > because hash-checksum.c is not compiled.

> >

> > This commit adds hash-checksum.c as a compilation target

> > if CONFIG_EFI_SECURE_BOOT or CONFIG_EFI_CAPSULE_AUTHENTICATE

> > is enabled.

> >

> > Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>

> > ---

> >

> > Changes in v6:

> > - update lib/Makefile to compile hash-checksum.c, instead of

> >   selecting FIT_SIGNATURE in secure boot and capsule authentication.

> >

> > Changes in v5:

> > - Missing option for EFI_TCG2_PROTOROL already added in different commit.

> >   This commit adds FIT_SIGNATURE only.

> >

> > Changes in v4:

> > - newly added in this patch series, due to rebasing

> >   the base code.

> >

> >  lib/Makefile | 5 ++++-

> >  1 file changed, 4 insertions(+), 1 deletion(-)

> >

> > diff --git a/lib/Makefile b/lib/Makefile

> > index 6825671955..bd022dd5d3 100644

> > --- a/lib/Makefile

> > +++ b/lib/Makefile

> > @@ -61,7 +61,10 @@ endif

> >  obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/

> >  obj-$(CONFIG_$(SPL_)MD5) += md5.o

> >  obj-$(CONFIG_$(SPL_)RSA) += rsa/

> > -obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o

> > +ifneq (,$(filter y,$(CONFIG_FIT_SIGNATURE)$(CONFIG_EFI_SECURE_BOOT)\

> > +$(CONFIG_EFI_CAPSULE_AUTHENTICATE)))

> > +obj-y += hash-checksum.o

> > +endif

>

> Why not create a new kconfig option here?

> There is a good reason to do so if there are more than one users.

>

> Otherwise, every new user of hash_calculate() needs

> to modify generic Makefile.


I agree with this suggestion, I will send new patch.
Thank you for your comment.

Thanks,
Masahisa Kojima
>

> -Takahiro Akashi

>

>

> >  obj-$(CONFIG_SHA1) += sha1.o

> >  obj-$(CONFIG_SHA256) += sha256.o

> >  obj-$(CONFIG_SHA512_ALGO) += sha512.o

> > --

> > 2.17.1

> >

Patch

diff --git a/lib/Makefile b/lib/Makefile
index 6825671955..bd022dd5d3 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -61,7 +61,10 @@  endif
 obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/
 obj-$(CONFIG_$(SPL_)MD5) += md5.o
 obj-$(CONFIG_$(SPL_)RSA) += rsa/
-obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o
+ifneq (,$(filter y,$(CONFIG_FIT_SIGNATURE)$(CONFIG_EFI_SECURE_BOOT)\
+$(CONFIG_EFI_CAPSULE_AUTHENTICATE)))
+obj-y += hash-checksum.o
+endif
 obj-$(CONFIG_SHA1) += sha1.o
 obj-$(CONFIG_SHA256) += sha256.o
 obj-$(CONFIG_SHA512_ALGO) += sha512.o