Refactor IMAGE_ENABLE_VERIFY to handle builds without SPL verification

If building with SPL_LOAD_FIT_FULL and FIT_SIGNATURE, but without
SPL_FIT_SIGNATURE then the build fails with:

  common/built-in.o: In function `fit_image_verify_with_data':
  common/image-fit.c:1220: undefined reference to `fit_image_verify_required_sigs'
  common/image-fit.c:1244: undefined reference to `fit_image_check_sig'
  common/built-in.o: In function `fit_image_load':
  common/image-fit.c:1857: undefined reference to `fit_config_verify'

Refactor so that host builds still depend on FIT_SIGNATURE, but target
builds check FIT_SIGNATURE/SPL_FIT_SIGNATURE dependent on the build.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/include/image.h b/include/image.h
index 889305cbefdb932c994a290174f51fa850aa0832..54f2b58ac5220d0d64aa024512b56151a36d6eff 100644 (file)
--- a/include/image.h
+++ b/include/image.h
@@ -1072,18 +1072,18 @@ int calculate_hash(const void *data, int data_len, const char *algo,
  * At present we only support signing on the host, and verification on the
  * device
  */
-#if defined(CONFIG_FIT_SIGNATURE)
-# ifdef USE_HOSTCC
+#if defined(USE_HOSTCC)
+# if defined(CONFIG_FIT_SIGNATURE)
 #  define IMAGE_ENABLE_SIGN    1
 #  define IMAGE_ENABLE_VERIFY  1
-# include  <openssl/evp.h>
-#else
+#  include <openssl/evp.h>
+# else
 #  define IMAGE_ENABLE_SIGN    0
-#  define IMAGE_ENABLE_VERIFY  1
+#  define IMAGE_ENABLE_VERIFY  0
 # endif
 #else
 # define IMAGE_ENABLE_SIGN     0
-# define IMAGE_ENABLE_VERIFY   0
+# define IMAGE_ENABLE_VERIFY   CONFIG_IS_ENABLED(FIT_SIGNATURE)
 #endif
 
 #ifdef USE_HOSTCC