> > vboot is used for more than just boot verification these days, we use > > it as a sort of generic crypto toolbox for all of coreboot's crypto > > needs (because it wouldn't make sense to implement, say, SHA-256 > > algorithms twice). For host utilities in particular, some of these are > > needed in cbfstool (e.g. for the --hash-algorithm parameter to add a > > hash attribute to a file), and there is no Kconfig cbfstool so you > > can't just configure it out if you don't need it. > > It is clear that I don't need that functionality when I build a > coreboot version without any vboot code, right?
It's just an optional feature of cbfstool, it actually doesn't have anything to do with the firmware verification part of vboot. I mean, yes, you may not need it, but you may just as likely not need --alignment or --topswap-size or --empty-fits, or the locate, compact and add-flat-binary commands, or any other optional niche case feature that is supported in cbfstool. cbfstool is a toolbox utility that supports everything people may want to do with CBFS images, not all of which everyone necessarily needs. And it currently doesn't have a configuration infrastructure like Kconfig to disable individual features (and I hope that shouldn't become necessary either, because that would just make it complicated and confusing). The goal with linking vboot into cbfstool is generally to be transparent, it's just pulling a few routines from a submodule, you're not really supposed to notice it. Just like when you run `make unit-tests` it's pulling in a third-party testing library from a submodule but generally you don't need to care about those details either. Unfortunately, if there is a situation where you can run into issues that Jenkins couldn't test for, you may see those issues anywhere in the code you build including inside those submodules, but I think that's really a problem with Jenkins and not one one with using submodules. I am just saying I don't think this discussion should be about vboot just because an issue that could have occurred in literally any piece of code happened to occur in vboot code. _______________________________________________ coreboot mailing list -- [email protected] To unsubscribe send an email to [email protected]
