Hi Quentin, On Thu, 26 Feb 2026 at 07:54, Quentin Schulz <[email protected]> wrote: > > Hi Heinrich, > > On 2/25/26 1:21 PM, Heinrich Schuchardt wrote: > > On 2/25/26 10:06, Heinrich Schuchardt wrote: > >> On 2/25/26 09:37, Quentin Schulz wrote: > >>> Hi Heinrich, > >>> > >>> On 2/25/26 8:37 AM, Heinrich Schuchardt wrote: > >>>> Symbol CONFIG_VPL_CRYPTO does not exist. > >>> > >>> Correct but I have a hunch this was based off of SPL_FIT_SIGNATURE > >>> which does require crypto support, so I'm assuming VPL would too. > >>> > >>> But this symbol indeed never existed, and even if it did, it wouldn't > >>> compile anything else as far as I can tell since drivers/crypto is > >>> enabled by default in proper and only if CONFIG_SPL_CRYPTO is set for > >>> SPL, and only SPL (checking for !TPL and !VPL)... so something feels > >>> unfinished with VPL here to me. > >>> > >>> I'm not sure we're improving anything there but I don't think it > >>> makes things worse, as such > >>> > >>> Fixes: 4218456b3fac ("vbe: Add Kconfig options for VPL") > >>> > >>> Reviewed-by: Quentin Schulz <[email protected]> > >>> > >>> Thanks! > >>> Quentin > >> > >> Thank you for reviewing. > >> > >> There is a symbol CONFIG_VPL_MBEDTLS_LIB_CRYPTO that might be used but > >> then VPL_FIT_SIGNATURE support would have to depend on MBEDTLS. > >> > >> Maybe Simon can inform us what his design intention was. Adding a > >> defconfig actually testing VPL_FIT_SIGNATURE would be helpful. > >> > >> Best regards > >> > >> Heinrich > > > > There are more non-existent symbols implied by VPL_FIT_SIGNATURE > > > > imply VPL_RSA > > imply VPL_RSA_VERIFY > > > > @Tom > > I wonder why the VPL feature was suggested if it was never tested or > > used. Should we remove all of VPL? > > > > As far as I remember, VPL was a necessary step to add support for VBE > (Verified Boot for Embedded) that Simon was working on. I don't think it > got realized entirely (upstream I mean) which may explain the current > state of VPL symbols.
Heinrich asked me the same thing this morning. From my understanding, the penultimate series was applied but later reverted. The final series was never applied. It's in the Concept tree for now and is running fine on an rk3399 board: https://concept.u-boot.org/u-boot/u-boot/-/jobs/300379 If there is any interest in getting these two series in I could resend. Regards, Simon
