On Mon, Feb 24, 2025 at 09:07:28PM +0100, Paul HENRYS wrote: > Hi Tom, > > On 24/02/2025 17:31, Tom Rini wrote: > > On Fri, Feb 21, 2025 at 11:38:18AM -0600, Tom Rini wrote: > > > > > On Wed, 12 Feb 2025 10:31:20 +0100, Paul HENRYS wrote: > > > > > > > This serie of patches adds a new tool to authenticate files signed > > > > with a preload header. > > > > This tool is also used in the tests to actually verify the > > > > authenticity of the file signed with such a preload header. > > > > > > > > Paul HENRYS (6): > > > > rsa: Add rsa_verify_openssl() to use openssl for host builds > > > > image: Add an inline declaration of unmap_sysmem() > > > > boot: Add support of the pre-load signature for host tools > > > > tools: Add preload_check_sign to authenticate images with a pre-load > > > > configs: Enable the pre-load signature in tools-only_defconfig > > > > binman: Authenticate the image when testing the preload signature > > > > > > > > [...] > > > Applied to u-boot/next, thanks! > > Unfortunately this breaks macOS building: > > https://dev.azure.com/u-boot/u-boot/_build/results?buildId=10614&view=logs&j=35eccd4a-c7e0-5052-1111-1aa0b6b36326&t=e725091b-e4d8-5b5a-ef22-f51d8214ad12 > > > > And so I need to revert this from -next, sorry. > > > In the pipeline, I see you seem to be building against openssl 1.1: > > /usr/local/opt/*[email protected]*/include/openssl/x509.h:962:17: note: > 'EVP_PKEY_get_attr' declared here > X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); > > > OpenSSL 1.1 is deprecated and I based the implementation on OpenSSL 3 APIs. > Should I update the implementation to also support OpenSSL 1.1 APIs?
I don't know enough about what is / isn't safe to assume people will do for macOS to say for sure. We do this to setup the environment: brew install make ossp-uuid So if we should instead be saying something else to install a newer ssl via brew (and update the flags in the build line), that's fine too. -- Tom
signature.asc
Description: PGP signature
