Thanks, applied as 0ed30d1e9f2d7270830cd207a1e05c09273997d6. Michael
[sent from post-receive hook] On Sat, 17 May 2025 00:02:53 +0200, Alexander Dahl <[email protected]> wrote: > Apart from bugfixes this is mostly interesting for mkimage ability to > image signing. Option -o for specifying the signing algorithm was added > with v2022.04. Signing 'auto' FITs was added with v2022.10, support for > signed configurations in 'auto' FIT was added in v2023.04, proper pkcs11 > uri support was added with v2024.01 and fixed with v2024.04, and finally > ability to auto sign scripts in fit images came with v2024.10. > > Note, without the fix to ptxd_make_fit_image we would get a lot of > warnings like this: > > WARNING: Legacy URI specified. Please add 'pkcs11:'. > WARNING: Legacy URI specified. Please add 'pkcs11:'. > WARNING: Legacy URI specified. Please add 'pkcs11:'. > > Noteworthy changes: > > - v2021.10-rc1-59-g62b27a561c2 ("mkimage: use environment variable > MKIMAGE_SIGN_PIN to set pin for OpenSSL Engine") > - v2021.10-730-g6b7b9ff14da ("configs: add mkeficapsule to > tools-only_defconfig") > - v2022.01-705-g5902a397d02 ("mkimage: Allow to specify the signature > algorithm on the command line") > - v2022.01-818-g2d2384bbaff ("tools: mkimage: Show where signatures/keys are > written") > - v2022.04-rc1-326-g9af16cc8f1a ("tools: build mkeficapsule with > tools-only_defconfig") > - v2022.04-rc3-43-g5017f9b595d ("mkimage: error handling for FIT image") > - v2022.07-rc1-294-gdeb2638aa09 ("mkimage: Document misc options") > - v2022.07-rc4-74-g87b0af9317c ("mkimage: Support signing 'auto' FITs") > - v2023.01-892-gb93a65209c4 ("mkimage: fit: Support signed configurations in > 'auto' FITs") > - v2024.01-rc5-560-gece85cc0202 ("rsa: use pkcs11 uri as defined in rfc7512") > - v2024.01-806-g03e598263e3 ("tools: fix build without LIBCRYPTO support") > - v2024.01-958-g11ad2bbfa2d ("lib: rsa: Fix PKCS11 URI if one is not given in > `keydir`) > - v2024.01-959-gf055d6e8f0d ("lib: rsa: Allow legacy URI specification > without "pkcs11:"") > - v2024.07-677-g6074f6e8578 ("mkimage: Allow 'auto-conf' signing of scripts") > > (zlib license text had one duplicate empty line remove with 2024.10.) > > Signed-off-by: Alexander Dahl <[email protected]> > Message-Id: <[email protected]> > Signed-off-by: Michael Olbrich <[email protected]> > > diff --git a/rules/host-u-boot-tools.in b/rules/host-u-boot-tools.in > index 55fc9f56e987..0cf37ed6614a 100644 > --- a/rules/host-u-boot-tools.in > +++ b/rules/host-u-boot-tools.in > @@ -2,5 +2,6 @@ > > config HOST_U_BOOT_TOOLS > tristate > + select HOST_GNUTLS > select HOST_OPENSSL > default y if ALLYES > diff --git a/rules/u-boot-tools.make b/rules/u-boot-tools.make > index 597ea5e30075..f71219d884b7 100644 > --- a/rules/u-boot-tools.make > +++ b/rules/u-boot-tools.make > @@ -14,8 +14,8 @@ PACKAGES-$(PTXCONF_U_BOOT_TOOLS) += u-boot-tools > # > # Paths and names > # > -U_BOOT_TOOLS_VERSION := 2020.07 > -U_BOOT_TOOLS_MD5 := 86e51eeccd15e658ad1df943a0edf622 > +U_BOOT_TOOLS_VERSION := 2025.04 > +U_BOOT_TOOLS_MD5 := da2cd684d4aa6195015fecd3efb1d0f0 > U_BOOT_TOOLS := u-boot-$(U_BOOT_TOOLS_VERSION) > U_BOOT_TOOLS_SUFFIX := tar.bz2 > U_BOOT_TOOLS_URL := > https://ftp.denx.de/pub/u-boot/$(U_BOOT_TOOLS).$(U_BOOT_TOOLS_SUFFIX) > @@ -25,7 +25,7 @@ U_BOOT_TOOLS_PKGDIR := > $(PKGDIR)/u-boot-tools-$(U_BOOT_TOOLS_VERSION) > U_BOOT_TOOLS_LICENSE := GPL-2.0-or-later AND Zlib > U_BOOT_TOOLS_LICENSE_FILES := \ > file://Licenses/gpl-2.0.txt;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ > - > file://include/u-boot/zlib.h;startline=15;endline=43;md5=7c27ae0384929249664da410d539a1dc > + > file://include/u-boot/zlib.h;startline=15;endline=42;md5=0ce30a522a630f7e637ea6d74422b320 > > # > ---------------------------------------------------------------------------- > # Prepare > diff --git a/scripts/lib/ptxd_make_fit_image.sh > b/scripts/lib/ptxd_make_fit_image.sh > index 4b99e6fbfec3..ad9e5bdd380a 100644 > --- a/scripts/lib/ptxd_make_fit_image.sh > +++ b/scripts/lib/ptxd_make_fit_image.sh > @@ -126,13 +126,6 @@ ptxd_make_image_fit() { > > if [ -n "${image_sign_role}" ]; then > pkcs11_uri=$(cs_get_uri "${image_sign_role}") > - > - # > - # It would have been too simple for mkimage to just take a > - # PKCS#11 URI. We must drop the "pkcs11:" prefix which U-Boot > - # then adds again. > - # > - pkcs11_uri=$(echo "${pkcs11_uri}" | sed "s/pkcs11://") > sign_args=( -k "${pkcs11_uri}" ) > fi >
