@@ 8,7 8,8 @@ This reverts commit b4f3cc2c42d97967a3a3c8796c340f6b07ecccac.
Addendum 2022-12-08, Ricardo Wurmus: This patch has been updated to introduce
CONFIG_FIT_PRELOAD to remove fit_pre_load_data, which depends on openssl.
-Addendum 2023-10-17, Herman Rimm: Update patch for u-boot v2023.10.
+Addendum 2024-01-18, Herman Rimm: Patch updated to leave out upstreamed
+diffs with CONFIG_FIT_PRELOAD.
diff --git a/tools/kwbimage.c b/tools/kwbimage.c
index 4dce495ff0..976174ae77 100644
@@ 145,64 146,3 @@ index 4dce495ff0..976174ae77 100644
/* Calculate and set the header checksum */
main_hdr->checksum = image_checksum8(main_hdr, headersz);
---- a/tools/image-host.c
-+++ b/tools/image-host.c
-@@ -14,8 +14,10 @@
- #include <image.h>
- #include <version.h>
-
-+#ifdef CONFIG_FIT_PRELOAD
- #include <openssl/pem.h>
- #include <openssl/evp.h>
-+#endif
-
- /**
- * fit_set_hash_value - set hash value in requested has node
-@@ -1119,6 +1121,7 @@ static int fit_config_add_verification_data(const char *keydir,
- return 0;
- }
-
-+#ifdef CONFIG_FIT_PRELOAD
- /*
- * 0) open file (open)
- * 1) read certificate (PEM_read_X509)
-@@ -1227,6 +1230,7 @@ int fit_pre_load_data(const char *keydir, void *keydest, void *fit)
- out:
- return ret;
- }
-+#endif
-
- int fit_cipher_data(const char *keydir, void *keydest, void *fit,
- const char *comment, int require_keys,
---- a/tools/fit_image.c
-+++ b/tools/fit_image.c
-@@ -61,9 +61,10 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
- ret = fit_set_timestamp(ptr, 0, time);
- }
-
-+#ifdef CONFIG_FIT_PRELOAD
- if (!ret)
- ret = fit_pre_load_data(params->keydir, dest_blob, ptr);
--
-+#endif
- if (!ret) {
- ret = fit_cipher_data(params->keydir, dest_blob, ptr,
- params->comment,
---- a/include/image.h
-+++ b/include/image.h
-@@ -1182,6 +1182,7 @@ int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value,
-
- int fit_set_timestamp(void *fit, int noffset, time_t timestamp);
-
-+#ifdef CONFIG_FIT_PRELOAD
- /**
- * fit_pre_load_data() - add public key to fdt blob
- *
-@@ -1196,6 +1197,7 @@ int fit_set_timestamp(void *fit, int noffset, time_t timestamp);
- * < 0, on failure
- */
- int fit_pre_load_data(const char *keydir, void *keydest, void *fit);
-+#endif
-
- int fit_cipher_data(const char *keydir, void *keydest, void *fit,
- const char *comment, int require_keys,
@@ 0,0 1,123 @@
+From 03e598263e3878b6f5d58f5525577903edadc644 Mon Sep 17 00:00:00 2001
+From: Paul-Erwan Rio <paulerwan.rio@gmail.com>
+Date: Thu, 21 Dec 2023 08:26:11 +0100
+Subject: [PATCH] tools: fix build without LIBCRYPTO support
+
+Commit cb9faa6f98ae ("tools: Use a single target-independent config to
+enable OpenSSL") introduced a target-independent configuration to build
+crypto features in host tools.
+
+But since commit 2c21256b27d7 ("hash: Use Kconfig to enable hashing in
+host tools and SPL") the build without OpenSSL is broken, due to FIT
+signature/encryption features. Add missing conditional compilation
+tokens to fix this.
+
+Signed-off-by: Paul-Erwan Rio <paulerwan.rio@gmail.com>
+Tested-by: Alexander Dahl <ada@thorsis.com>
+Cc: Simon Glass <sjg@chromium.org>
+Reviewed-by: Tom Rini <trini@konsulko.com>
+Reviewed-by: Simon Glass <sjg@chromium.org>
+---
+ include/image.h | 2 +-
+ tools/Kconfig | 1 +
+ tools/fit_image.c | 2 +-
+ tools/image-host.c | 4 ++++
+ tools/mkimage.c | 5 +++--
+ 5 files changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/include/image.h b/include/image.h
+index 432ec927b1..21de70f0c9 100644
+--- a/include/image.h
++++ b/include/image.h
+@@ -1465,7 +1465,7 @@ int calculate_hash(const void *data, int data_len, const char *algo,
+ * device
+ */
+ #if defined(USE_HOSTCC)
+-# if defined(CONFIG_FIT_SIGNATURE)
++# if CONFIG_IS_ENABLED(FIT_SIGNATURE)
+ # define IMAGE_ENABLE_SIGN 1
+ # define FIT_IMAGE_ENABLE_VERIFY 1
+ # include <openssl/evp.h>
+diff --git a/tools/Kconfig b/tools/Kconfig
+index f8632cd59d..f01ed783e6 100644
+--- a/tools/Kconfig
++++ b/tools/Kconfig
+@@ -51,6 +51,7 @@ config TOOLS_FIT_RSASSA_PSS
+ Support the rsassa-pss signature scheme in the tools builds
+
+ config TOOLS_FIT_SIGNATURE
++ depends on TOOLS_LIBCRYPTO
+ def_bool y
+ help
+ Enable signature verification of FIT uImages in the tools builds
+diff --git a/tools/fit_image.c b/tools/fit_image.c
+index 71e031c855..beef1fa86e 100644
+--- a/tools/fit_image.c
++++ b/tools/fit_image.c
+@@ -61,7 +61,7 @@ static int fit_add_file_data(struct image_tool_params *params, size_t size_inc,
+ ret = fit_set_timestamp(ptr, 0, time);
+ }
+
+- if (!ret)
++ if (CONFIG_IS_ENABLED(FIT_SIGNATURE) && !ret)
+ ret = fit_pre_load_data(params->keydir, dest_blob, ptr);
+
+ if (!ret) {
+diff --git a/tools/image-host.c b/tools/image-host.c
+index ca4950312f..90bc9f905f 100644
+--- a/tools/image-host.c
++++ b/tools/image-host.c
+@@ -14,8 +14,10 @@
+ #include <image.h>
+ #include <version.h>
+
++#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
+ #include <openssl/pem.h>
+ #include <openssl/evp.h>
++#endif
+
+ /**
+ * fit_set_hash_value - set hash value in requested has node
+@@ -1131,6 +1133,7 @@ static int fit_config_add_verification_data(const char *keydir,
+ return 0;
+ }
+
++#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
+ /*
+ * 0) open file (open)
+ * 1) read certificate (PEM_read_X509)
+@@ -1239,6 +1242,7 @@ int fit_pre_load_data(const char *keydir, void *keydest, void *fit)
+ out:
+ return ret;
+ }
++#endif
+
+ int fit_cipher_data(const char *keydir, void *keydest, void *fit,
+ const char *comment, int require_keys,
+diff --git a/tools/mkimage.c b/tools/mkimage.c
+index 6dfe3e1d42..ac62ebbde9 100644
+--- a/tools/mkimage.c
++++ b/tools/mkimage.c
+@@ -115,7 +115,7 @@ static void usage(const char *msg)
+ " -B => align size in hex for FIT structure and header\n"
+ " -b => append the device tree binary to the FIT\n"
+ " -t => update the timestamp in the FIT\n");
+-#ifdef CONFIG_FIT_SIGNATURE
++#if CONFIG_IS_ENABLED(FIT_SIGNATURE)
+ fprintf(stderr,
+ "Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n"
+ " -k => set directory containing private keys\n"
+@@ -130,8 +130,9 @@ static void usage(const char *msg)
+ " -o => algorithm to use for signing\n");
+ #else
+ fprintf(stderr,
+- "Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
++ "Signing / verified boot not supported (CONFIG_TOOLS_FIT_SIGNATURE undefined)\n");
+ #endif
++
+ fprintf(stderr, " %s -V ==> print version information and exit\n",
+ params.cmdname);
+ fprintf(stderr, "Use '-T list' to see a list of available image types\n");
+--
+2.41.0
+
@@ 1,232 0,0 @@
-Upstream status: https://patchwork.ozlabs.org/project/uboot/patch/20231013030633.7191-1-maxim.cournoyer@gmail.com/
-
-From f83a5e07b0934e38cbee923e0c5b7fc0a890926c Mon Sep 17 00:00:00 2001
-From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
-Date: Thu, 12 Oct 2023 17:04:25 -0400
-Subject: [PATCH] patman: Add a 'keep_change_id' setting
-
-A Change-Id can be useful for traceability purposes, and some projects
-may wish to have them preserved. This change makes it configurable
-via a new 'keep_change_id' setting.
-
-Series-version: 2
-Series-changes: 2
-- Add missing argument to send parser
----
- tools/patman/__main__.py | 2 ++
- tools/patman/control.py | 12 +++++++++---
- tools/patman/patchstream.py | 17 ++++++++++++-----
- tools/patman/patman.rst | 11 ++++++-----
- tools/patman/test_checkpatch.py | 16 ++++++++++++++++
- 5 files changed, 45 insertions(+), 13 deletions(-)
-
-diff --git a/tools/patman/__main__.py b/tools/patman/__main__.py
-index 8eba5d3486..197ac1aad1 100755
---- a/tools/patman/__main__.py
-+++ b/tools/patman/__main__.py
-@@ -103,6 +103,8 @@ send.add_argument('--no-signoff', action='store_false', dest='add_signoff',
- default=True, help="Don't add Signed-off-by to patches")
- send.add_argument('--smtp-server', type=str,
- help="Specify the SMTP server to 'git send-email'")
-+send.add_argument('--keep-change-id', action='store_true',
-+ help='Preserve Change-Id tags in patches to send.')
-
- send.add_argument('patchfiles', nargs='*')
-
-diff --git a/tools/patman/control.py b/tools/patman/control.py
-index 916ddf8fcf..b292da9dc2 100644
---- a/tools/patman/control.py
-+++ b/tools/patman/control.py
-@@ -16,11 +16,14 @@ from patman import gitutil
- from patman import patchstream
- from u_boot_pylib import terminal
-
-+
- def setup():
- """Do required setup before doing anything"""
- gitutil.setup()
-
--def prepare_patches(col, branch, count, start, end, ignore_binary, signoff):
-+
-+def prepare_patches(col, branch, count, start, end, ignore_binary, signoff,
-+ keep_change_id=False):
- """Figure out what patches to generate, then generate them
-
- The patch files are written to the current directory, e.g. 0001_xxx.patch
-@@ -35,6 +38,7 @@ def prepare_patches(col, branch, count, start, end, ignore_binary, signoff):
- end (int): End patch to use (0=last one in series, 1=one before that,
- etc.)
- ignore_binary (bool): Don't generate patches for binary files
-+ keep_change_id (bool): Preserve the Change-Id tag.
-
- Returns:
- Tuple:
-@@ -59,11 +63,12 @@ def prepare_patches(col, branch, count, start, end, ignore_binary, signoff):
- branch, start, to_do, ignore_binary, series, signoff)
-
- # Fix up the patch files to our liking, and insert the cover letter
-- patchstream.fix_patches(series, patch_files)
-+ patchstream.fix_patches(series, patch_files, keep_change_id)
- if cover_fname and series.get('cover'):
- patchstream.insert_cover_letter(cover_fname, series, to_do)
- return series, cover_fname, patch_files
-
-+
- def check_patches(series, patch_files, run_checkpatch, verbose, use_tree):
- """Run some checks on a set of patches
-
-@@ -166,7 +171,8 @@ def send(args):
- col = terminal.Color()
- series, cover_fname, patch_files = prepare_patches(
- col, args.branch, args.count, args.start, args.end,
-- args.ignore_binary, args.add_signoff)
-+ args.ignore_binary, args.add_signoff,
-+ keep_change_id=args.keep_change_id)
- ok = check_patches(series, patch_files, args.check_patch,
- args.verbose, args.check_patch_use_tree)
-
-diff --git a/tools/patman/patchstream.py b/tools/patman/patchstream.py
-index f91669a940..e2e2a83e67 100644
---- a/tools/patman/patchstream.py
-+++ b/tools/patman/patchstream.py
-@@ -68,6 +68,7 @@ STATE_PATCH_SUBJECT = 1 # In patch subject (first line of log for a commit)
- STATE_PATCH_HEADER = 2 # In patch header (after the subject)
- STATE_DIFFS = 3 # In the diff part (past --- line)
-
-+
- class PatchStream:
- """Class for detecting/injecting tags in a patch or series of patches
-
-@@ -76,7 +77,7 @@ class PatchStream:
- unwanted tags or inject additional ones. These correspond to the two
- phases of processing.
- """
-- def __init__(self, series, is_log=False):
-+ def __init__(self, series, is_log=False, keep_change_id=False):
- self.skip_blank = False # True to skip a single blank line
- self.found_test = False # Found a TEST= line
- self.lines_after_test = 0 # Number of lines found after TEST=
-@@ -86,6 +87,7 @@ class PatchStream:
- self.section = [] # The current section...END section
- self.series = series # Info about the patch series
- self.is_log = is_log # True if indent like git log
-+ self.keep_change_id = keep_change_id # True to keep Change-Id tags
- self.in_change = None # Name of the change list we are in
- self.change_version = 0 # Non-zero if we are in a change list
- self.change_lines = [] # Lines of the current change
-@@ -452,6 +454,8 @@ class PatchStream:
-
- # Detect Change-Id tags
- elif change_id_match:
-+ if self.keep_change_id:
-+ out = [line]
- value = change_id_match.group(1)
- if self.is_log:
- if self.commit.change_id:
-@@ -763,7 +767,7 @@ def get_metadata_for_test(text):
- pst.finalise()
- return series
-
--def fix_patch(backup_dir, fname, series, cmt):
-+def fix_patch(backup_dir, fname, series, cmt, keep_change_id=False):
- """Fix up a patch file, by adding/removing as required.
-
- We remove our tags from the patch file, insert changes lists, etc.
-@@ -776,6 +780,7 @@ def fix_patch(backup_dir, fname, series, cmt):
- fname (str): Filename to patch file to process
- series (Series): Series information about this patch set
- cmt (Commit): Commit object for this patch file
-+ keep_change_id (bool): Keep the Change-Id tag.
-
- Return:
- list: A list of errors, each str, or [] if all ok.
-@@ -783,7 +788,7 @@ def fix_patch(backup_dir, fname, series, cmt):
- handle, tmpname = tempfile.mkstemp()
- outfd = os.fdopen(handle, 'w', encoding='utf-8')
- infd = open(fname, 'r', encoding='utf-8')
-- pst = PatchStream(series)
-+ pst = PatchStream(series, keep_change_id=keep_change_id)
- pst.commit = cmt
- pst.process_stream(infd, outfd)
- infd.close()
-@@ -795,7 +800,7 @@ def fix_patch(backup_dir, fname, series, cmt):
- shutil.move(tmpname, fname)
- return cmt.warn
-
--def fix_patches(series, fnames):
-+def fix_patches(series, fnames, keep_change_id=False):
- """Fix up a list of patches identified by filenames
-
- The patch files are processed in place, and overwritten.
-@@ -803,6 +808,7 @@ def fix_patches(series, fnames):
- Args:
- series (Series): The Series object
- fnames (:type: list of str): List of patch files to process
-+ keep_change_id (bool): Keep the Change-Id tag.
- """
- # Current workflow creates patches, so we shouldn't need a backup
- backup_dir = None #tempfile.mkdtemp('clean-patch')
-@@ -811,7 +817,8 @@ def fix_patches(series, fnames):
- cmt = series.commits[count]
- cmt.patch = fname
- cmt.count = count
-- result = fix_patch(backup_dir, fname, series, cmt)
-+ result = fix_patch(backup_dir, fname, series, cmt,
-+ keep_change_id=keep_change_id)
- if result:
- print('%d warning%s for %s:' %
- (len(result), 's' if len(result) > 1 else '', fname))
-diff --git a/tools/patman/patman.rst b/tools/patman/patman.rst
-index 038b651ee8..a8b317eed6 100644
---- a/tools/patman/patman.rst
-+++ b/tools/patman/patman.rst
-@@ -371,11 +371,12 @@ Series-process-log: sort, uniq
- Separate each tag with a comma.
-
- Change-Id:
-- This tag is stripped out but is used to generate the Message-Id
-- of the emails that will be sent. When you keep the Change-Id the
-- same you are asserting that this is a slightly different version
-- (but logically the same patch) as other patches that have been
-- sent out with the same Change-Id.
-+ This tag is used to generate the Message-Id of the emails that
-+ will be sent. When you keep the Change-Id the same you are
-+ asserting that this is a slightly different version (but logically
-+ the same patch) as other patches that have been sent out with the
-+ same Change-Id. The Change-Id tag line is removed from outgoing
-+ patches, unless the `keep_change_id` settings is set to `True`.
-
- Various other tags are silently removed, like these Chrome OS and
- Gerrit tags::
-diff --git a/tools/patman/test_checkpatch.py b/tools/patman/test_checkpatch.py
-index a8bb364e42..59a53ef8ca 100644
---- a/tools/patman/test_checkpatch.py
-+++ b/tools/patman/test_checkpatch.py
-@@ -160,6 +160,22 @@ Signed-off-by: Simon Glass <sjg@chromium.org>
-
- rc = os.system('diff -u %s %s' % (inname, expname))
- self.assertEqual(rc, 0)
-+ os.remove(inname)
-+
-+ # Test whether the keep_change_id settings works.
-+ inhandle, inname = tempfile.mkstemp()
-+ infd = os.fdopen(inhandle, 'w', encoding='utf-8')
-+ infd.write(data)
-+ infd.close()
-+
-+ patchstream.fix_patch(None, inname, series.Series(), com,
-+ keep_change_id=True)
-+
-+ with open(inname, 'r') as f:
-+ content = f.read()
-+ self.assertIn(
-+ 'Change-Id: I80fe1d0c0b7dd10aa58ce5bb1d9290b6664d5413',
-+ content)
-
- os.remove(inname)
- os.remove(expname)
-
-base-commit: f9a47ac8d97da2b3aaf463f268a9a872a8d921df
---
-2.41.0
-