diff options
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/bootloaders.scm | 21 | ||||
-rw-r--r-- | gnu/packages/patches/u-boot-allow-disabling-openssl.patch | 164 |
3 files changed, 182 insertions, 4 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 13ee828399..2d52bba3ef 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1837,6 +1837,7 @@ dist_patch_DATA = \ %D%/packages/patches/tup-unbundle-dependencies.patch \ %D%/packages/patches/tuxpaint-stamps-path.patch \ %D%/packages/patches/twinkle-bcg729.patch \ + %D%/packages/patches/u-boot-allow-disabling-openssl.patch \ %D%/packages/patches/u-boot-nintendo-nes-serial.patch \ %D%/packages/patches/u-boot-rockchip-inno-usb.patch \ %D%/packages/patches/u-boot-sifive-prevent-reloc-initrd-fdt.patch \ diff --git a/gnu/packages/bootloaders.scm b/gnu/packages/bootloaders.scm index 75cf618115..706ddf0207 100644 --- a/gnu/packages/bootloaders.scm +++ b/gnu/packages/bootloaders.scm @@ -499,13 +499,19 @@ tree binary files. These are board description files used by Linux and BSD.") ;; https://bugs.launchpad.net/ubuntu/+source/u-boot/+bug/1937246 (search-patch "u-boot-sifive-prevent-reloc-initrd-fdt.patch")) +(define %u-boot-allow-disabling-openssl-patch + ;; Fixes build of u-boot 2021.10 without openssl + ;; https://lists.denx.de/pipermail/u-boot/2021-October/462728.html + (search-patch "u-boot-allow-disabling-openssl.patch")) + (define u-boot (package (name "u-boot") - (version "2021.07") + (version "2021.10") (source (origin (patches (list %u-boot-rockchip-inno-usb-patch + %u-boot-allow-disabling-openssl-patch %u-boot-sifive-prevent-relocating-initrd-fdt)) (method url-fetch) (uri (string-append @@ -513,7 +519,7 @@ tree binary files. These are board description files used by Linux and BSD.") "u-boot-" version ".tar.bz2")) (sha256 (base32 - "0zm7igkdnz0w4ir8rfl2dislfrl0ip104grs5hvd30a5wkm7wari")))) + "1m0bvwv8r62s4wk4w3cmvs888dhv9gnfa98dczr4drk2jbhj7ryd")))) (native-inputs `(("bc" ,bc) ("bison" ,bison) @@ -585,7 +591,7 @@ def test_ctrl_c")) ;; See https://bugs.gnu.org/34717 for ;; details. (("CONFIG_FIT_SIGNATURE=y") - "CONFIG_FIT_SIGNATURE=n\nCONFIG_UT_LIB_ASN1=n") + "CONFIG_FIT_SIGNATURE=n\nCONFIG_UT_LIB_ASN1=n\nCONFIG_TOOLS_LIBCRYPTO=n") ;; This test requires a sound system, which is un-used ;; in u-boot-tools. (("CONFIG_SOUND=y") "CONFIG_SOUND=n"))) @@ -684,6 +690,12 @@ board-independent tools."))) suffix-len)))) (sort entries string-ci<))) (error "Invalid boardname ~s." ,board)))))) + (add-after 'configure 'disable-tools-libcrypto + ;; Disable libcrypto due to GPL and OpenSSL license + ;; incompatibilities + (lambda _ + (substitute* ".config" + (("CONFIG_TOOLS_LIBCRYPTO=.*$") "CONFIG_TOOLS_LIBCRYPTO=n")))) (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) @@ -895,7 +907,8 @@ to Novena upstream, does not load u-boot.img from the first partition.") (source (origin (inherit (package-source u-boot)) (patches - (search-patches "u-boot-riscv64-fix-extlinux.patch"))))))) + (search-patches "u-boot-riscv64-fix-extlinux.patch" + %u-boot-allow-disabling-openssl-patch))))))) (define-public u-boot-sifive-unleashed (make-u-boot-package "sifive_unleashed" "riscv64-linux-gnu")) diff --git a/gnu/packages/patches/u-boot-allow-disabling-openssl.patch b/gnu/packages/patches/u-boot-allow-disabling-openssl.patch new file mode 100644 index 0000000000..e3ec92be84 --- /dev/null +++ b/gnu/packages/patches/u-boot-allow-disabling-openssl.patch @@ -0,0 +1,164 @@ +From f060e90d148270307228315e2759a0065ec1d796 Mon Sep 17 00:00:00 2001 +From: Vagrant Cascadian <vagrant@debian.org> +Date: Fri, 22 Oct 2021 17:34:53 -0700 +Subject: [PATCH] Revert "tools: kwbimage: Do not hide usage of secure header + under CONFIG_ARMADA_38X" + +This reverts commit b4f3cc2c42d97967a3a3c8796c340f6b07ecccac. +--- + tools/Makefile | 8 ++++++++ + tools/kwbimage.c | 22 ++++++++++++++++++++++ + 2 files changed, 30 insertions(+) + +diff --git a/tools/Makefile b/tools/Makefile +index 4a86321f64..9517f203fd 100644 +--- a/tools/Makefile ++++ b/tools/Makefile +@@ -169,6 +169,14 @@ HOST_EXTRACFLAGS += -DCONFIG_FIT_SIGNATURE_MAX_SIZE=0xffffffff + HOST_EXTRACFLAGS += -DCONFIG_FIT_CIPHER + endif + ++ifneq ($(CONFIG_SYS_U_BOOT_OFFS),) ++HOSTCFLAGS_kwbimage.o += -DCONFIG_SYS_U_BOOT_OFFS=$(CONFIG_SYS_U_BOOT_OFFS) ++endif ++ ++ifneq ($(CONFIG_ARMADA_38X),) ++HOSTCFLAGS_kwbimage.o += -DCONFIG_KWB_SECURE ++endif ++ + # MXSImage needs LibSSL + ifneq ($(CONFIG_MX23)$(CONFIG_MX28)$(CONFIG_ARMADA_38X)$(CONFIG_TOOLS_LIBCRYPTO),) + HOSTCFLAGS_kwbimage.o += \ +diff --git a/tools/kwbimage.c b/tools/kwbimage.c +index d200ff2425..23d6be3c9a 100644 +--- a/tools/kwbimage.c ++++ b/tools/kwbimage.c +@@ -14,6 +14,7 @@ + #include <stdint.h> + #include "kwbimage.h" + ++#ifdef CONFIG_KWB_SECURE + #include <openssl/bn.h> + #include <openssl/rsa.h> + #include <openssl/pem.h> +@@ -39,10 +40,13 @@ void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) + EVP_MD_CTX_reset(ctx); + } + #endif ++#endif + + static struct image_cfg_element *image_cfg; + static int cfgn; ++#ifdef CONFIG_KWB_SECURE + static int verbose_mode; ++#endif + + struct boot_mode { + unsigned int id; +@@ -237,6 +241,8 @@ image_count_options(unsigned int optiontype) + return count; + } + ++#if defined(CONFIG_KWB_SECURE) ++ + static int image_get_csk_index(void) + { + struct image_cfg_element *e; +@@ -259,6 +265,8 @@ static bool image_get_spezialized_img(void) + return e->sec_specialized_img; + } + ++#endif ++ + /* + * Compute a 8-bit checksum of a memory area. This algorithm follows + * the requirements of the Marvell SoC BootROM specifications. +@@ -353,6 +361,7 @@ static uint8_t baudrate_to_option(unsigned int baudrate) + } + } + ++#if defined(CONFIG_KWB_SECURE) + static void kwb_msg(const char *fmt, ...) + { + if (verbose_mode) { +@@ -847,6 +856,8 @@ done: + return ret; + } + ++#endif ++ + static void *image_create_v0(size_t *imagesz, struct image_tool_params *params, + int payloadsz) + { +@@ -977,11 +988,13 @@ static size_t image_headersz_v1(int *hasext) + *hasext = 1; + } + ++#if defined(CONFIG_KWB_SECURE) + if (image_get_csk_index() >= 0) { + headersz += sizeof(struct secure_hdr_v1); + if (hasext) + *hasext = 1; + } ++#endif + + /* + * The payload should be aligned on some reasonable +@@ -1058,6 +1071,8 @@ err_close: + return -1; + } + ++#if defined(CONFIG_KWB_SECURE) ++ + int export_pub_kak_hash(RSA *kak, struct secure_hdr_v1 *secure_hdr) + { + FILE *hashf; +@@ -1170,6 +1185,7 @@ int add_secure_header_v1(struct image_tool_params *params, uint8_t *ptr, + + return 0; + } ++#endif + + static void *image_create_v1(size_t *imagesz, struct image_tool_params *params, + uint8_t *ptr, int payloadsz) +@@ -1177,7 +1193,9 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params, + struct image_cfg_element *e; + struct main_hdr_v1 *main_hdr; + struct register_set_hdr_v1 *register_set_hdr; ++#if defined(CONFIG_KWB_SECURE) + struct secure_hdr_v1 *secure_hdr = NULL; ++#endif + size_t headersz; + uint8_t *image, *cur; + int hasext = 0; +@@ -1253,6 +1271,7 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params, + if (main_hdr->blockid == IBR_HDR_PEX_ID) + main_hdr->srcaddr = cpu_to_le32(0xFFFFFFFF); + ++#if defined(CONFIG_KWB_SECURE) + if (image_get_csk_index() >= 0) { + /* + * only reserve the space here; we fill the header later since +@@ -1263,6 +1282,7 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params, + *next_ext = 1; + next_ext = &secure_hdr->next; + } ++#endif + + datai = 0; + register_set_hdr = (struct register_set_hdr_v1 *)cur; +@@ -1310,9 +1330,11 @@ static void *image_create_v1(size_t *imagesz, struct image_tool_params *params, + return NULL; + } + ++#if defined(CONFIG_KWB_SECURE) + if (secure_hdr && add_secure_header_v1(params, ptr, payloadsz, + headersz, image, secure_hdr)) + return NULL; ++#endif + + /* Calculate and set the header checksum */ + main_hdr->checksum = image_checksum8(main_hdr, headersz); +-- +2.30.2 + |