Hi Tom,
On 24/02/2025 17:31, Tom Rini wrote:
On Fri, Feb 21, 2025 at 11:38:18AM -0600, Tom Rini wrote:
On Wed, 12 Feb 2025 10:31:20 +0100, Paul HENRYS wrote:
This serie of patches adds a new tool to authenticate files signed
with a preload header.
This tool is also used in the tests to actually verify the
authenticity of the file signed with such a preload header.
Paul HENRYS (6):
rsa: Add rsa_verify_openssl() to use openssl for host builds
image: Add an inline declaration of unmap_sysmem()
boot: Add support of the pre-load signature for host tools
tools: Add preload_check_sign to authenticate images with a pre-load
configs: Enable the pre-load signature in tools-only_defconfig
binman: Authenticate the image when testing the preload signature
[...]
Applied to u-boot/next, thanks!
Unfortunately this breaks macOS building:
https://dev.azure.com/u-boot/u-boot/_build/results?buildId=10614&view=logs&j=35eccd4a-c7e0-5052-1111-1aa0b6b36326&t=e725091b-e4d8-5b5a-ef22-f51d8214ad12
And so I need to revert this from -next, sorry.
In the pipeline, I see you seem to be building against openssl 1.1:
/usr/local/opt/*[email protected]*/include/openssl/x509.h:962:17: note:
'EVP_PKEY_get_attr' declared here
X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
OpenSSL 1.1 is deprecated and I based the implementation on OpenSSL 3
APIs. Should I update the implementation to also support OpenSSL 1.1 APIs?
Best regards,
Paul
