[Mod] First commit

package/vboot-utils/0001-Add-missing-definition-of-MTD_CHAR_MAJOR.patch

@@ -0,0 +1,30 @@
+From 1438211660e700b2c9505863aae1cc957236b7c8 Mon Sep 17 00:00:00 2001
+From: Alex Suykov <alex.suykov@gmail.com>
+Date: Thu, 21 Jan 2016 21:59:46 +0100
+Subject: [PATCH] Add missing definition of MTD_CHAR_MAJOR
+
+This definition missing from <linux/major.h> for kernels <= 3.13
+
+Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
+---
+ cgpt/cgpt_wrapper.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/cgpt/cgpt_wrapper.c b/cgpt/cgpt_wrapper.c
+index dcfaab9..4d07aad 100644
+--- a/cgpt/cgpt_wrapper.c
++++ b/cgpt/cgpt_wrapper.c
+@@ -25,6 +25,10 @@
+ #include "cgpt_nor.h"
+ #include "cryptolib.h"
+ 
++#ifndef MTD_CHAR_MAJOR
++#define MTD_CHAR_MAJOR 90
++#endif
++
+ // Check if cmdline |argv| has "-D". "-D" signifies that GPT structs are stored
+ // off device, and hence we should not wrap around cgpt.
+ static bool has_dash_D(int argc, const char *const argv[]) {
+-- 
+2.6.4
+

package/vboot-utils/0002-Add-missing-header-include-for-ssize_t.patch

@@ -0,0 +1,27 @@
+From b6bed8d4e9453bc74ba021c8c17e20c3b5964c37 Mon Sep 17 00:00:00 2001
+From: Alex Suykov <alex.suykov@gmail.com>
+Date: Thu, 21 Jan 2016 22:00:34 +0100
+Subject: [PATCH] Add missing header include for ssize_t
+
+The code uses ssize_t which is usually defined in <unistd.h>.
+
+Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
+---
+ host/lib/fmap.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/host/lib/fmap.c b/host/lib/fmap.c
+index c95338d..e3db826 100644
+--- a/host/lib/fmap.c
++++ b/host/lib/fmap.c
+@@ -6,6 +6,7 @@
+ 
+ #include <stdio.h>
+ #include <string.h>
++#include <unistd.h>
+ 
+ #include "fmap.h"
+ 
+-- 
+2.6.4
+

package/vboot-utils/0003-Avoid-RSA-type-redefinition.patch

@@ -0,0 +1,44 @@
+From 593407d2b3ea3b871d55ec399671e48c84b900a7 Mon Sep 17 00:00:00 2001
+From: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+Date: Thu, 21 Jan 2016 22:01:37 +0100
+Subject: [PATCH] Avoid RSA type redefinition
+
+The host_key.h headers does:
+
+  typedef struct rsa_st RSA;
+
+But this type definition is already done by the OpenSSL headers.
+
+While such a type redefinition is legal with recent gcc versions, it
+doesn't build with older gcc versions such as gcc 4.4.
+
+To work around this problem, we instead use a forward declaration of
+"struct rsa_st", and change the only place where the RSA type was used
+by "struct rsa_st".
+
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
+---
+ host/lib/include/host_key.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/host/lib/include/host_key.h b/host/lib/include/host_key.h
+index 9f98ccc..c2d01a5 100644
+--- a/host/lib/include/host_key.h
++++ b/host/lib/include/host_key.h
+@@ -12,11 +12,11 @@
+ #include "vboot_struct.h"
+ 
+ 
+-typedef struct rsa_st RSA;
++struct rsa_st;
+ 
+ /* Private key data */
+ typedef struct VbPrivateKey {
+-  RSA* rsa_private_key;  /* Private key data */
++  struct rsa_rt* rsa_private_key;  /* Private key data */
+   uint64_t algorithm;    /* Algorithm to use when signing */
+ } VbPrivateKey;
+ 
+-- 
+2.6.4
+

package/vboot-utils/0004-Disable-static-futility.patch

@@ -0,0 +1,30 @@
+The package attempts to build a statically-linked host binary, futility_s,
+which is not used anywhere in buildroot but may be causing build failures
+if the build host lacks static libc.
+
+Signed-off-by: Alex Suykov <alex.suykov@gmail.com>
+
+--- a/Makefile
++++ b/Makefile
+@@ -1079,7 +1079,7 @@
+ # new Firmware Utility
+ 
+ .PHONY: futil
+-futil: ${FUTIL_STATIC_BIN} ${FUTIL_BIN}
++futil: ${FUTIL_BIN}
+ 
+ ${FUTIL_STATIC_BIN}: ${FUTIL_STATIC_OBJS} ${UTILLIB}
+ 	@${PRINTF} "    LD            $(subst ${BUILD}/,,$@)\n"
+@@ -1091,10 +1091,10 @@
+ 	${Q}${LD} -o $@ ${CFLAGS} ${LDFLAGS} $^ ${LDLIBS}
+ 
+ .PHONY: futil_install
+-futil_install: ${FUTIL_BIN} ${FUTIL_STATIC_BIN}
++futil_install: ${FUTIL_BIN}
+ 	@${PRINTF} "    INSTALL       futility\n"
+ 	${Q}mkdir -p ${UB_DIR}
+-	${Q}${INSTALL} -t ${UB_DIR} ${FUTIL_BIN} ${FUTIL_STATIC_BIN}
++	${Q}${INSTALL} -t ${UB_DIR} ${FUTIL_BIN}
+ 	${Q}for prog in ${FUTIL_SYMLINKS}; do \
+ 		ln -sf futility "${UB_DIR}/$$prog"; done
+ 

package/vboot-utils/0005-include-sys-sysmacros.h-for-major.patch

@@ -0,0 +1,51 @@
+From 435fbcee218b37a87368e2b22fa33366875d458c Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@chromium.org>
+Date: Tue, 19 Apr 2016 13:58:49 -0400
+Subject: [PATCH] include sys/sysmacros.h for major()
+
+The major() func is defined in the sys/sysmacros.h header, so include it
+explicitly for the prototype.  Upstream C libs are moving away from having
+sys/types.h include it all the time implicitly.
+
+BUG=None
+TEST=precq passes
+BRANCH=None
+
+Change-Id: I56b84138f08ded2376193403f9c9db22c5f24f71
+Reviewed-on: https://chromium-review.googlesource.com/339680
+Commit-Ready: Mike Frysinger <vapier@chromium.org>
+Tested-by: Mike Frysinger <vapier@chromium.org>
+Reviewed-by: Bill Richardson <wfrichar@google.com>
+Signed-off-by: Giulio Benetti <giulio.benetti@micronovasrl.com>
+---
+ cgpt/cgpt_wrapper.c               | 1 +
+ futility/dump_kernel_config_lib.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/cgpt/cgpt_wrapper.c b/cgpt/cgpt_wrapper.c
+index dcfaab9c..1716cdde 100644
+--- a/cgpt/cgpt_wrapper.c
++++ b/cgpt/cgpt_wrapper.c
+@@ -18,6 +18,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <sys/stat.h>
++#include <sys/sysmacros.h>
+ #include <sys/types.h>
+ #include <unistd.h>
+ 
+diff --git a/futility/dump_kernel_config_lib.c b/futility/dump_kernel_config_lib.c
+index 4fe990c3..abf37ae1 100644
+--- a/futility/dump_kernel_config_lib.c
++++ b/futility/dump_kernel_config_lib.c
+@@ -10,6 +10,7 @@
+ #include <string.h>
+ #include <sys/mman.h>
+ #include <sys/stat.h>
++#include <sys/sysmacros.h>
+ #include <sys/types.h>
+ #include <unistd.h>
+ 
+-- 
+2.17.1
+

package/vboot-utils/0006-Update-for-openssl-1.1.patch

@@ -0,0 +1,268 @@
+From 2e730b2259c701f16d473dbfb7e58e86a6e71b01 Mon Sep 17 00:00:00 2001
+From: Daniel Kurtz <djkurtz@chromium.org>
+Date: Fri, 18 Jan 2019 13:04:59 +0200
+Subject: [PATCH] Update for openssl 1.1
+
+OpenSSL 1.1 has made significant non-backwards compatible changes to its
+API as outlined in:
+https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
+
+BRANCH=none
+BUG=chromium:738114
+TEST=cros_workon --host start vboot_reference
+TEST=w/ openssl-1.0.2k: sudo emerge vboot_reference
+TEST=w/ openssl-1.1.0e: sudo emerge vboot_reference
+ => both build ok
+ $ futility version
+  => command runs without error
+TEST=cros_workon --board=soraka start vboot_reference coreboot
+TEST=w/ openssl-1.0.2k: emerge-soraka vboot_reference coreboot
+TEST=w/ openssl-1.1.0e: emerge-soraka vboot_reference coreboot
+ => All build ok
+
+Change-Id: I37cfc8cbb04a092eab7b0b3224f475b82609447c
+Reviewed-on: https://chromium-review.googlesource.com/557739
+Commit-Ready: Daniel Kurtz <djkurtz@chromium.org>
+Tested-by: Daniel Kurtz <djkurtz@chromium.org>
+Reviewed-by: Randall Spangler <rspangler@chromium.org>
+Reviewed-by: Mike Frysinger <vapier@chromium.org>
+
+(cherry-picked from bce7904376beee2912932433a4634c1c25afe2f5)
+Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
+---
+ futility/cmd_create.c         |  5 ++++-
+ futility/vb2_helper.c         |  7 +++++--
+ host/include/openssl_compat.h | 26 ++++++++++++++++++++++++++
+ host/lib/util_misc.c          |  7 +++++--
+ host/lib21/host_key.c         |  8 +++++++-
+ utility/dumpRSAPublicKey.c    | 19 ++++++++++++++-----
+ 6 files changed, 61 insertions(+), 11 deletions(-)
+ create mode 100644 host/include/openssl_compat.h
+
+diff --git a/futility/cmd_create.c b/futility/cmd_create.c
+index 143ea9ae..80d3fd90 100644
+--- a/futility/cmd_create.c
++++ b/futility/cmd_create.c
+@@ -13,6 +13,7 @@
+ #include "2common.h"
+ #include "2id.h"
+ #include "2rsa.h"
++#include "openssl_compat.h"
+ #include "util_misc.h"
+ #include "vb2_common.h"
+ #include "vb2_struct.h"
+@@ -170,6 +171,7 @@ static int vb2_make_keypair()
+ 	enum vb2_signature_algorithm sig_alg;
+ 	uint8_t *pubkey_buf = 0;
+ 	int has_priv = 0;
++	const BIGNUM *rsa_d;
+ 
+ 	FILE *fp;
+ 	int ret = 1;
+@@ -193,7 +195,8 @@ static int vb2_make_keypair()
+ 		goto done;
+ 	}
+ 	/* Public keys doesn't have the private exponent */
+-	has_priv = !!rsa_key->d;
++	RSA_get0_key(rsa_key, NULL, NULL, &rsa_d);
++	has_priv = !!rsa_d;
+ 	if (!has_priv)
+ 		fprintf(stderr, "%s has a public key only.\n", infile);
+ 
+diff --git a/futility/vb2_helper.c b/futility/vb2_helper.c
+index 51a78375..c6cc0fdd 100644
+--- a/futility/vb2_helper.c
++++ b/futility/vb2_helper.c
+@@ -11,6 +11,7 @@
+ #include "2common.h"
+ #include "2id.h"
+ #include "2rsa.h"
++#include "openssl_compat.h"
+ #include "util_misc.h"
+ #include "vb2_common.h"
+ #include "vb2_struct.h"
+@@ -216,6 +217,7 @@ int ft_show_pem(const char *name, uint8_t *buf, uint32_t len, void *data)
+ 	uint8_t *keyb, *digest;
+ 	uint32_t keyb_len;
+ 	int i, bits;
++	const BIGNUM *rsa_key_n, *rsa_key_d;
+ 
+ 	/* We're called only after ft_recognize_pem, so this should work. */
+ 	rsa_key = rsa_from_buffer(buf, len);
+@@ -223,10 +225,11 @@ int ft_show_pem(const char *name, uint8_t *buf, uint32_t len, void *data)
+ 		DIE;
+ 
+ 	/* Use to presence of the private exponent to decide if it's public */
+-	printf("%s Key file:      %s\n", rsa_key->d ? "Private" : "Public",
++	RSA_get0_key(rsa_key, &rsa_key_n, NULL, &rsa_key_d);
++	printf("%s Key file:      %s\n", rsa_key_d ? "Private" : "Public",
+ 					 name);
+ 
+-	bits = BN_num_bits(rsa_key->n);
++	bits = BN_num_bits(rsa_key_n);
+ 	printf("  Key length:          %d\n", bits);
+ 
+ 	if (vb_keyb_from_rsa(rsa_key, &keyb, &keyb_len)) {
+diff --git a/host/include/openssl_compat.h b/host/include/openssl_compat.h
+new file mode 100644
+index 00000000..7771f32a
+--- /dev/null
++++ b/host/include/openssl_compat.h
+@@ -0,0 +1,26 @@
++/* Copyright 2017 The Chromium OS Authors. All rights reserved.
++ * Use of this source code is governed by a BSD-style license that can be
++ * found in the LICENSE file.
++ */
++
++#ifndef VBOOT_REFERENCE_OPENSSL_COMPAT_H_
++#define VBOOT_REFERENCE_OPENSSL_COMPAT_H_
++
++#include <openssl/rsa.h>
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++static inline void RSA_get0_key(const RSA *rsa, const BIGNUM **n,
++				const BIGNUM **e, const BIGNUM **d)
++{
++	if (n != NULL)
++		*n = rsa->n;
++	if (e != NULL)
++		*e = rsa->e;
++	if (d != NULL)
++		*d = rsa->d;
++}
++
++#endif  /* OPENSSL_VERSION_NUMBER < 0x10100000L */
++
++#endif  /* VBOOT_REFERENCE_OPENSSL_COMPAT_H_ */
+diff --git a/host/lib/util_misc.c b/host/lib/util_misc.c
+index 03ec683f..f0a1f7ad 100644
+--- a/host/lib/util_misc.c
++++ b/host/lib/util_misc.c
+@@ -15,6 +15,7 @@
+ 
+ #include "cryptolib.h"
+ #include "host_common.h"
++#include "openssl_compat.h"
+ #include "util_misc.h"
+ #include "vboot_common.h"
+ 
+@@ -58,6 +59,7 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_private_key,
+ 	BIGNUM *N0inv = NULL, *R = NULL, *RR = NULL;
+ 	BIGNUM *RRTemp = NULL, *NnumBits = NULL;
+ 	BIGNUM *n = NULL, *rr = NULL;
++	const BIGNUM *rsa_private_key_n;
+ 	BN_CTX *bn_ctx = BN_CTX_new();
+ 	uint32_t n0invout;
+ 	uint32_t bufsize;
+@@ -65,7 +67,7 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_private_key,
+ 	int retval = 1;
+ 
+ 	/* Size of RSA key in 32-bit words */
+-	nwords = BN_num_bits(rsa_private_key->n) / 32;
++	nwords = RSA_size(rsa_private_key) / 4;
+ 
+ 	bufsize = (2 + nwords + nwords) * sizeof(uint32_t);
+ 	outbuf = malloc(bufsize);
+@@ -94,7 +96,8 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_private_key,
+ 	NEW_BIGNUM(B);
+ #undef NEW_BIGNUM
+ 
+-	BN_copy(N, rsa_private_key->n);
++	RSA_get0_key(rsa_private_key, &rsa_private_key_n, NULL, NULL);
++	BN_copy(N, rsa_private_key_n);
+ 	BN_set_word(Big1, 1L);
+ 	BN_set_word(Big2, 2L);
+ 	BN_set_word(Big32, 32L);
+diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c
+index f7ea1622..f9419ad3 100644
+--- a/host/lib21/host_key.c
++++ b/host/lib21/host_key.c
+@@ -17,6 +17,7 @@
+ #include "host_common.h"
+ #include "host_key2.h"
+ #include "host_misc.h"
++#include "openssl_compat.h"
+ 
+ struct vb2_text_vs_enum vb2_text_vs_algorithm[] = {
+ 	{"RSA1024 SHA1",   VB2_ALG_RSA1024_SHA1},
+@@ -544,7 +545,12 @@ int vb2_public_key_hash(struct vb2_public_key *key,
+ 
+ enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa)
+ {
+-	int bits = BN_num_bits(rsa->n);
++	const BIGNUM *e, *n;
++	int exp, bits;
++
++	RSA_get0_key(rsa, &n, &e, NULL);
++	exp = BN_get_word(e);
++	bits = BN_num_bits(n);
+ 
+ 	switch (bits) {
+ 	case 1024:
+diff --git a/utility/dumpRSAPublicKey.c b/utility/dumpRSAPublicKey.c
+index b3b7b96b..a17b159e 100644
+--- a/utility/dumpRSAPublicKey.c
++++ b/utility/dumpRSAPublicKey.c
+@@ -14,14 +14,20 @@
+ #include <string.h>
+ #include <unistd.h>
+ 
++#include "openssl_compat.h"
++
+ /* Command line tool to extract RSA public keys from X.509 certificates
+  * and output a pre-processed version of keys for use by RSA verification
+  * routines.
+  */
+ 
+ int check(RSA* key) {
+-  int public_exponent = BN_get_word(key->e);
+-  int modulus = BN_num_bits(key->n);
++  const BIGNUM *n, *e;
++  int public_exponent, modulus;
++
++  RSA_get0_key(key, &n, &e, NULL);
++  public_exponent = BN_get_word(e);
++  modulus = BN_num_bits(n);
+ 
+   if (public_exponent != 65537) {
+     fprintf(stderr, "WARNING: Public exponent should be 65537 (but is %d).\n",
+@@ -40,7 +46,8 @@ int check(RSA* key) {
+  */
+ void output(RSA* key) {
+   int i, nwords;
+-  BIGNUM *N = key->n;
++  const BIGNUM *key_n;
++  BIGNUM *N = NULL;
+   BIGNUM *Big1 = NULL, *Big2 = NULL, *Big32 = NULL, *BigMinus1 = NULL;
+   BIGNUM *B = NULL;
+   BIGNUM *N0inv= NULL, *R = NULL, *RR = NULL, *RRTemp = NULL, *NnumBits = NULL;
+@@ -48,14 +55,15 @@ void output(RSA* key) {
+   BN_CTX *bn_ctx = BN_CTX_new();
+   uint32_t n0invout;
+ 
+-  N = key->n;
+   /* Output size of RSA key in 32-bit words */
+-  nwords = BN_num_bits(N) / 32;
++  nwords = RSA_size(key) / 4;
+   if (-1 == write(1, &nwords, sizeof(nwords)))
+     goto failure;
+ 
+ 
+   /* Initialize BIGNUMs */
++  RSA_get0_key(key, &key_n, NULL, NULL);
++  N = BN_dup(key_n);
+   Big1 = BN_new();
+   Big2 = BN_new();
+   Big32 = BN_new();
+@@ -120,6 +128,7 @@ void output(RSA* key) {
+ 
+ failure:
+   /* Free BIGNUMs. */
++  BN_free(N);
+   BN_free(Big1);
+   BN_free(Big2);
+   BN_free(Big32);
+-- 
+2.14.1
+

package/vboot-utils/0007-Make-vboot_version-extern-in-header.patch

@@ -0,0 +1,50 @@
+From df4d2000a22db673a788b8e57e8e7c0cc3cee777 Mon Sep 17 00:00:00 2001
+From: Leonard Chan <leonardchan@google.com>
+Date: Thu, 3 Oct 2019 18:53:04 -0700
+Subject: [PATCH] Make vboot_version extern in header
+
+When enabling `-fno-common` in Fuchsia, we get a bunch of linker errors
+when linking futility:
+
+```
+ld.lld: error: duplicate symbol: vboot_version
+>>> defined at futility.h:43 (../../third_party/vboot_reference/futility/futility.h:43)
+>>>            host_x63-asan_no_detect_leaks/obj/third_party/vboot_reference/futility/futility.cmd_bdb.c.o:(vboot_version)
+>>> defined at futility.h:43 (../../third_party/vboot_reference/futility/futility.h:43)
+>>>            host_x64-asan_no_detect_leaks/obj/third_party/vboot_reference/futility/futility.cmd_create.c.o:(.bss.vboot_version+0x0)
+```
+
+and think this is because -fno-common places vboot_version for
+unitialized global variables in the BSS section of each object file.
+Making it extern instead resolves each reference to its definition in
+futility/misc.c.
+
+Change-Id: I591f07abd1f975a8a9d078bb4366e2e0861390b4
+Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1839207
+Reviewed-by: Julius Werner <jwerner@chromium.org>
+Reviewed-by: Joel Kitching <kitching@chromium.org>
+Commit-Queue: Julius Werner <jwerner@chromium.org>
+Tested-by: Julius Werner <jwerner@chromium.org>
+
+Patch taken from upstream: https://chromium.googlesource.com/chromiumos/platform/vboot_reference/+/df4d2000a22db673a788b8e57e8e7c0cc3cee777
+Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
+---
+ futility/futility.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/futility/futility.h b/futility/futility.h
+index 3bce1106..5dc426dd 100644
+--- a/futility/futility.h
++++ b/futility/futility.h
+@@ -41,7 +41,7 @@ enum vboot_version  {
+ };
+ 
+ /* What's our preferred API & data format? */
+-enum vboot_version vboot_version;
++extern enum vboot_version vboot_version;
+ 
+ /* Here's a structure to define the commands that futility implements. */
+ struct futil_cmd_t {
+-- 
+2.20.1
+

package/vboot-utils/Config.in.host

@@ -0,0 +1,7 @@
+config BR2_PACKAGE_HOST_VBOOT_UTILS
+	bool "host vboot utils"
+	select BR2_PACKAGE_HOST_UTIL_LINUX
+	help
+	  Chromium OS verified boot utilities: futility and cgpt.
+
+	  https://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot

package/vboot-utils/vboot-utils.hash

@@ -0,0 +1,3 @@
+# Locally computed
+sha256  9cdeaa2e4e1190c0cd200e1b07d394e5d24f57cc0efffdce861d5de934035bf7  vboot-utils-bbdd62f9b030db7ad8eef789aaf58a7ff9a25656-br1.tar.gz
+sha256  cb9dc8e96aedf9120b6757a60387db10f3c1a8e3fd97bb9d0f11327be5a7ed4d  LICENSE

package/vboot-utils/vboot-utils.mk

@@ -0,0 +1,43 @@
+################################################################################
+#
+# vboot-utils
+#
+################################################################################
+
+VBOOT_UTILS_VERSION = bbdd62f9b030db7ad8eef789aaf58a7ff9a25656
+VBOOT_UTILS_SITE = https://chromium.googlesource.com/chromiumos/platform/vboot_reference
+VBOOT_UTILS_SITE_METHOD = git
+VBOOT_UTILS_LICENSE = BSD-3-Clause
+VBOOT_UTILS_LICENSE_FILES = LICENSE
+
+HOST_VBOOT_UTILS_DEPENDENCIES = host-openssl host-util-linux host-pkgconf
+
+# vboot_reference contains code that goes into bootloaders,
+# utilities intended for the target system, and a bunch of scripts
+# for Chromium OS build system. Most of that does not make sense
+# in a buildroot host-package.
+#
+# We only need futility for signing images, the keys, and cgpt for boot
+# media partitioning.
+#
+# make target for futility is "futil".
+#
+# The value of ARCH is only relevant for crossystem (a target tool) and
+# does not affect futil or cgpt in any way as long as it is one of the
+# supported targets.
+
+define HOST_VBOOT_UTILS_BUILD_CMDS
+	$(HOST_MAKE_ENV) $(MAKE) -C $(@D) \
+		CC="$(HOSTCC)" \
+		CFLAGS="$(HOST_CFLAGS) -D_LARGEFILE64_SOURCE -D_GNU_SOURCE" \
+		LDFLAGS="$(HOST_LDFLAGS)" \
+		ARCH=arm \
+		futil cgpt
+endef
+
+define HOST_VBOOT_UTILS_INSTALL_CMDS
+	$(HOST_MAKE_ENV) $(MAKE) -C $(@D) DESTDIR=$(HOST_DIR) \
+		futil_install cgpt_install devkeys_install
+endef
+
+$(eval $(host-generic-package))