summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/bootloaders.scm21
-rw-r--r--gnu/packages/patches/u-boot-allow-disabling-openssl.patch164
3 files changed, 182 insertions, 4 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 13ee828399..2d52bba3ef 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1837,6 +1837,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/tup-unbundle-dependencies.patch		\
   %D%/packages/patches/tuxpaint-stamps-path.patch		\
   %D%/packages/patches/twinkle-bcg729.patch			\
+  %D%/packages/patches/u-boot-allow-disabling-openssl.patch	\
   %D%/packages/patches/u-boot-nintendo-nes-serial.patch		\
   %D%/packages/patches/u-boot-rockchip-inno-usb.patch		\
   %D%/packages/patches/u-boot-sifive-prevent-reloc-initrd-fdt.patch	\
diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm
index 75cf618115..706ddf0207 100644
--- a/gnu/packages/bootloaders.scm
+++ b/gnu/packages/bootloaders.scm
@@ -499,13 +499,19 @@ tree binary files.  These are board description files used by Linux and BSD.")
   ;; https://bugs.launchpad.net/ubuntu/+source/u-boot/+bug/1937246
   (search-patch "u-boot-sifive-prevent-reloc-initrd-fdt.patch"))
 
+(define %u-boot-allow-disabling-openssl-patch
+  ;; Fixes build of u-boot 2021.10 without openssl
+  ;; https://lists.denx.de/pipermail/u-boot/2021-October/462728.html
+  (search-patch "u-boot-allow-disabling-openssl.patch"))
+
 (define u-boot
   (package
     (name "u-boot")
-    (version "2021.07")
+    (version "2021.10")
     (source (origin
 	      (patches
                (list %u-boot-rockchip-inno-usb-patch
+                     %u-boot-allow-disabling-openssl-patch
                      %u-boot-sifive-prevent-relocating-initrd-fdt))
               (method url-fetch)
               (uri (string-append
@@ -513,7 +519,7 @@ tree binary files.  These are board description files used by Linux and BSD.")
                     "u-boot-" version ".tar.bz2"))
               (sha256
                (base32
-                "0zm7igkdnz0w4ir8rfl2dislfrl0ip104grs5hvd30a5wkm7wari"))))
+                "1m0bvwv8r62s4wk4w3cmvs888dhv9gnfa98dczr4drk2jbhj7ryd"))))
     (native-inputs
      `(("bc" ,bc)
        ("bison" ,bison)
@@ -585,7 +591,7 @@ def test_ctrl_c"))
                                   ;; See https://bugs.gnu.org/34717 for
                                   ;; details.
                                   (("CONFIG_FIT_SIGNATURE=y")
-                                   "CONFIG_FIT_SIGNATURE=n\nCONFIG_UT_LIB_ASN1=n")
+                                   "CONFIG_FIT_SIGNATURE=n\nCONFIG_UT_LIB_ASN1=n\nCONFIG_TOOLS_LIBCRYPTO=n")
                                   ;; This test requires a sound system, which is un-used
                                   ;; in u-boot-tools.
                                   (("CONFIG_SOUND=y") "CONFIG_SOUND=n")))
@@ -684,6 +690,12 @@ board-independent tools.")))
                                                                   suffix-len))))
                                    (sort entries string-ci<)))
                        (error "Invalid boardname ~s." ,board))))))
+           (add-after 'configure 'disable-tools-libcrypto
+             ;; Disable libcrypto due to GPL and OpenSSL license
+             ;; incompatibilities
+             (lambda _
+               (substitute* ".config"
+                 (("CONFIG_TOOLS_LIBCRYPTO=.*$") "CONFIG_TOOLS_LIBCRYPTO=n"))))
            (replace 'install
              (lambda* (#:key outputs #:allow-other-keys)
                (let* ((out (assoc-ref outputs "out"))
@@ -895,7 +907,8 @@ to Novena upstream, does not load u-boot.img from the first partition.")
       (source (origin
                 (inherit (package-source u-boot))
                 (patches
-                 (search-patches "u-boot-riscv64-fix-extlinux.patch")))))))
+                 (search-patches "u-boot-riscv64-fix-extlinux.patch"
+                                 %u-boot-allow-disabling-openssl-patch)))))))
 
 (define-public u-boot-sifive-unleashed
   (make-u-boot-package "sifive_unleashed" "riscv64-linux-gnu"))
diff --git a/gnu/packages/patches/u-boot-allow-disabling-openssl.patch b/gnu/packages/patches/u-boot-allow-disabling-openssl.patch
new file mode 100644
index 0000000000..e3ec92be84
--- /dev/null
+++ b/gnu/packages/patches/u-boot-allow-disabling-openssl.patch
@@ -0,0 +1,164 @@
+From f060e90d148270307228315e2759a0065ec1d796 Mon Sep 17 00:00:00 2001
+From: Vagrant Cascadian <vagrant@debian.org>
+Date: Fri, 22 Oct 2021 17:34:53 -0700
+Subject: [PATCH] Revert "tools: kwbimage: Do not hide usage of secure header
+ under CONFIG_ARMADA_38X"
+
+This reverts commit b4f3cc2c42d97967a3a3c8796c340f6b07ecccac.
+---
+ tools/Makefile   |  8 ++++++++
+ tools/kwbimage.c | 22 ++++++++++++++++++++++
+ 2 files changed, 30 insertions(+)
+
+diff --git a/tools/Makefile b/tools/Makefile
+index 4a86321f64..9517f203fd 100644
+--- a/tools/Makefile
++++ b/tools/Makefile
+@@ -169,6 +169,14 @@ HOST_EXTRACFLAGS	+= -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff
+ HOST_EXTRACFLAGS	+= -DCONFIG_FIT_CIPHER
+ endif
+ 
++ifneq ($(CONFIG_SYS_U_BOOT_OFFS),)
++HOSTCFLAGS_kwbimage.o += -DCONFIG_SYS_U_BOOT_OFFS=$(CONFIG_SYS_U_BOOT_OFFS)
++endif
++
++ifneq ($(CONFIG_ARMADA_38X),)
++HOSTCFLAGS_kwbimage.o += -DCONFIG_KWB_SECURE
++endif
++
+ # MXSImage needs LibSSL
+ ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),)
+ HOSTCFLAGS_kwbimage.o += \
+diff --git a/tools/kwbimage.c b/tools/kwbimage.c
+index d200ff2425..23d6be3c9a 100644
+--- a/tools/kwbimage.c
++++ b/tools/kwbimage.c
+@@ -14,6 +14,7 @@
+ #include <stdint.h>
+ #include "kwbimage.h"
+ 
++#ifdef CONFIG_KWB_SECURE
+ #include <openssl/bn.h>
+ #include <openssl/rsa.h>
+ #include <openssl/pem.h>
+@@ -39,10 +40,13 @@ void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+ 	EVP_MD_CTX_reset(ctx);
+ }
+ #endif
++#endif
+ 
+ static struct image_cfg_element *image_cfg;
+ static int cfgn;
++#ifdef CONFIG_KWB_SECURE
+ static int verbose_mode;
++#endif
+ 
+ struct boot_mode {
+ 	unsigned int id;
+@@ -237,6 +241,8 @@ image_count_options(unsigned int optiontype)
+ 	return count;
+ }
+ 
++#if defined(CONFIG_KWB_SECURE)
++
+ static int image_get_csk_index(void)
+ {
+ 	struct image_cfg_element *e;
+@@ -259,6 +265,8 @@ static bool image_get_spezialized_img(void)
+ 	return e->sec_specialized_img;
+ }
+ 
++#endif
++
+ /*
+  * Compute a 8-bit checksum of a memory area. This algorithm follows
+  * the requirements of the Marvell SoC BootROM specifications.
+@@ -353,6 +361,7 @@ static uint8_t baudrate_to_option(unsigned int baudrate)
+ 	}
+ }
+ 
++#if defined(CONFIG_KWB_SECURE)
+ static void kwb_msg(const char *fmt, ...)
+ {
+ 	if (verbose_mode) {
+@@ -847,6 +856,8 @@ done:
+ 	return ret;
+ }
+ 
++#endif
++
+ static void *image_create_v0(size_t *imagesz, struct image_tool_params *params,
+ 			     int payloadsz)
+ {
+@@ -977,11 +988,13 @@ static size_t image_headersz_v1(int *hasext)
+ 			*hasext = 1;
+ 	}
+ 
++#if defined(CONFIG_KWB_SECURE)
+ 	if (image_get_csk_index() >= 0) {
+ 		headersz += sizeof(struct secure_hdr_v1);
+ 		if (hasext)
+ 			*hasext = 1;
+ 	}
++#endif
+ 
+ 	/*
+ 	 * The payload should be aligned on some reasonable
+@@ -1058,6 +1071,8 @@ err_close:
+ 	return -1;
+ }
+ 
++#if defined(CONFIG_KWB_SECURE)
++
+ int export_pub_kak_hash(RSA *kak, struct secure_hdr_v1 *secure_hdr)
+ {
+ 	FILE *hashf;
+@@ -1170,6 +1185,7 @@ int add_secure_header_v1(struct image_tool_params *params, uint8_t *ptr,
+ 
+ 	return 0;
+ }
++#endif
+ 
+ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
+ 			     uint8_t *ptr, int payloadsz)
+@@ -1177,7 +1193,9 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
+ 	struct image_cfg_element *e;
+ 	struct main_hdr_v1 *main_hdr;
+ 	struct register_set_hdr_v1 *register_set_hdr;
++#if defined(CONFIG_KWB_SECURE)
+ 	struct secure_hdr_v1 *secure_hdr = NULL;
++#endif
+ 	size_t headersz;
+ 	uint8_t *image, *cur;
+ 	int hasext = 0;
+@@ -1253,6 +1271,7 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
+ 	if (main_hdr->blockid == IBR_HDR_PEX_ID)
+ 		main_hdr->srcaddr = cpu_to_le32(0xFFFFFFFF);
+ 
++#if defined(CONFIG_KWB_SECURE)
+ 	if (image_get_csk_index() >= 0) {
+ 		/*
+ 		 * only reserve the space here; we fill the header later since
+@@ -1263,6 +1282,7 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
+ 		*next_ext = 1;
+ 		next_ext = &secure_hdr->next;
+ 	}
++#endif
+ 
+ 	datai = 0;
+ 	register_set_hdr = (struct register_set_hdr_v1 *)cur;
+@@ -1310,9 +1330,11 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params,
+ 			return NULL;
+ 	}
+ 
++#if defined(CONFIG_KWB_SECURE)
+ 	if (secure_hdr && add_secure_header_v1(params, ptr, payloadsz,
+ 					       headersz, image, secure_hdr))
+ 		return NULL;
++#endif
+ 
+ 	/* Calculate and set the header checksum */
+ 	main_hdr->checksum = image_checksum8(main_hdr, headersz);
+-- 
+2.30.2
+