On Wed, May 12, 2021 at 03:59:47PM +0900, Masahisa Kojima wrote:
> Build error occurs when CONFIG_EFI_SECURE_BOOT/
> CONFIG_EFI_CAPSULE_AUTHENTICATE/CONFIG_EFI_TCG2_PROTOCOL
> is enabled, because hash-checksum.c is not compiled.
>
> With the following commit,
> commit 0bcb28dfb946 ("lib: Rename rsa-checksum.c to hash-checksum.c")
> CONFIG_FIT_SIGNATURE option is required to use hash_calculate() function.
>
> This commit adds CONFIG_FIT_SIGNATURE option in Kconfig, and missing
> required options for CONFIG_EFI_TCG2_PROTOCOL.
>
> Signed-off-by: Masahisa Kojima <[email protected]>
> ---
>
> Changes in v4:
> - newly added in this patch series, due to rebasing
> the base code.
>
> lib/efi_loader/Kconfig | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
> index b76e77180e..93463fb362 100644
> --- a/lib/efi_loader/Kconfig
> +++ b/lib/efi_loader/Kconfig
> @@ -175,6 +175,7 @@ config EFI_CAPSULE_AUTHENTICATE
> select PKCS7_VERIFY
> select IMAGE_SIGN_INFO
> select EFI_SIGNATURE_SUPPORT
> + select FIT_SIGNATURE
> default n
> help
> Select this option if you want to enable capsule
> @@ -302,6 +303,12 @@ config EFI_RNG_PROTOCOL
> config EFI_TCG2_PROTOCOL
> bool "EFI_TCG2_PROTOCOL support"
> depends on TPM_V2
> + select FIT_SIGNATURE
> + select SHA1
> + select SHA256
> + select SHA512_ALGO
> + select SHA384
> + select SHA512
> help
> Provide a EFI_TCG2_PROTOCOL implementation using the TPM hardware
> of the platform.
> @@ -338,6 +345,7 @@ config EFI_SECURE_BOOT
> select PKCS7_MESSAGE_PARSER
> select PKCS7_VERIFY
> select EFI_SIGNATURE_SUPPORT
> + select FIT_SIGNATURE
> default n
> help
> Select this option to enable EFI secure boot support.
> --
> 2.17.1
>
I've sent a similar patch yesterday that Heinrich already applied on his
tree, you'll only need to add FIT_SIGNATURE now
Cheers
/Ilias
