Hi Tom, On Mon, 5 Dec 2022 at 04:07, Tom Rini <tr...@konsulko.com> wrote: > > While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we > cannot undef the symbol in this manner. As this ends up only being a > single location in a file that already has other checks for HOST_CC, add > one more HOST_CC check instead. > > Signed-off-by: Tom Rini <tr...@konsulko.com> > --- > lib/rsa/rsa-verify.c | 7 ++----- > 1 file changed, 2 insertions(+), 5 deletions(-) > > diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c > index 9605c376390a..0662235be6f1 100644 > --- a/lib/rsa/rsa-verify.c > +++ b/lib/rsa/rsa-verify.c > @@ -23,18 +23,13 @@ > #include <u-boot/rsa-mod-exp.h> > #include <u-boot/rsa.h> > > -#ifndef __UBOOT__ > /* > * NOTE: > * Since host tools, like mkimage, make use of openssl library for > * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are > * of no use and should not be compiled in. > - * So just turn off CONFIG_RSA_VERIFY_WITH_PKEY. > */ > > -#undef CONFIG_RSA_VERIFY_WITH_PKEY > -#endif > - > /* Default public exponent for backward compatibility */ > #define RSA_DEFAULT_PUBEXP 65537 > > @@ -506,6 +501,7 @@ int rsa_verify_hash(struct image_sign_info *info, > { > int ret = -EACCES; > > +#if !defined(USE_HOSTCC)
you can use if tools_build() here, I believe. I've been trying to avoid #if USE_HOSTCC > if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) { > /* don't rely on fdt properties */ > ret = rsa_verify_with_pkey(info, hash, sig, sig_len); > @@ -513,6 +509,7 @@ int rsa_verify_hash(struct image_sign_info *info, > debug("%s: rsa_verify_with_pkey() failed\n", > __func__); > return ret; > } > +#endif > > if (CONFIG_IS_ENABLED(FIT_SIGNATURE)) { > const void *blob = info->fdt_blob; > -- > 2.25.1 > Regards, Simon