2021-10-16 09:41:35

by Ard Biesheuvel

[permalink] [raw]
Subject: Re: [PATCH] efi: select CRYPTO for EFI_EMBEDDED_FIRMWARE

(+ crypto folks)

On Fri, 15 Oct 2021 at 15:24, Vegard Nossum <[email protected]> wrote:
>
> Fix the following build warning:
>
> WARNING: unmet direct dependencies detected for CRYPTO_LIB_SHA256
> Depends on [n]: CRYPTO [=n]
> Selected by [y]:
> - EFI_EMBEDDED_FIRMWARE [=y] && EFI [=y]
>
> Fixes: f0df68d5bae88 ("efi: Add embedded peripheral firmware support")
> Cc: Hans de Goede <[email protected]>
> Signed-off-by: Vegard Nossum <[email protected]>

Hello Vegard,

I don't think this is the right fix, to be honest. The crypto library
functions have no dependencies at all on the crypto API, so I think it
would be better to do something like the below:

diff --git a/crypto/Kconfig b/crypto/Kconfig
index 536df4b6b825..b79de4820ce9 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -1919,9 +1919,10 @@ config CRYPTO_STATS
config CRYPTO_HASH_INFO
bool

-source "lib/crypto/Kconfig"
source "drivers/crypto/Kconfig"
source "crypto/asymmetric_keys/Kconfig"
source "certs/Kconfig"

endif # if CRYPTO
+
+source "lib/crypto/Kconfig"


> ---
> drivers/firmware/efi/Kconfig | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
> index 2c3dac5ecb36d..f914da9845acc 100644
> --- a/drivers/firmware/efi/Kconfig
> +++ b/drivers/firmware/efi/Kconfig
> @@ -248,6 +248,7 @@ endmenu
> config EFI_EMBEDDED_FIRMWARE
> bool
> depends on EFI
> + select CRYPTO
> select CRYPTO_LIB_SHA256
>
> config UEFI_CPER
> --
> 2.23.0.718.g5ad94255a8
>


2021-10-17 16:25:01

by Eric Biggers

[permalink] [raw]
Subject: Re: [PATCH] efi: select CRYPTO for EFI_EMBEDDED_FIRMWARE

On Fri, Oct 15, 2021 at 03:55:01PM +0200, Ard Biesheuvel wrote:
> (+ crypto folks)
>
> On Fri, 15 Oct 2021 at 15:24, Vegard Nossum <[email protected]> wrote:
> >
> > Fix the following build warning:
> >
> > WARNING: unmet direct dependencies detected for CRYPTO_LIB_SHA256
> > Depends on [n]: CRYPTO [=n]
> > Selected by [y]:
> > - EFI_EMBEDDED_FIRMWARE [=y] && EFI [=y]
> >
> > Fixes: f0df68d5bae88 ("efi: Add embedded peripheral firmware support")
> > Cc: Hans de Goede <[email protected]>
> > Signed-off-by: Vegard Nossum <[email protected]>
>
> Hello Vegard,
>
> I don't think this is the right fix, to be honest. The crypto library
> functions have no dependencies at all on the crypto API, so I think it
> would be better to do something like the below:

Actually some of the crypto library functions need __crypto_xor() and
__crypto_memneq() which are only compiled when CRYPTO. So that will need to be
fixed by moving those functions to an appropriate place first.

- Eric