[U-Boot] [PATCH v4 1/6] lib: rsa: decouple rsa from FIT image verification

Tom Rini trini at konsulko.com
Sat Dec 7 01:25:47 CET 2019 

On Thu, Nov 21, 2019 at 09:11:16AM +0900, AKASHI Takahiro wrote:

> Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
> RSA functions from FIT verification and allow for adding a RSA-based
> signature verification for other file formats, in particular PE file
> for UEFI secure boot.
> 
> Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> Reviewed-by: Simon Glass <sjg at chromium.org>
> ---
>  Kconfig                |   1 +
>  common/Makefile        |   3 +-
>  common/image-fit-sig.c | 417 +++++++++++++++++++++++++++++++++++++++++
>  common/image-fit.c     |   6 +-
>  common/image-sig.c     | 396 --------------------------------------
>  include/image.h        |  13 +-
>  lib/rsa/Kconfig        |  12 ++
>  lib/rsa/Makefile       |   2 +-
>  lib/rsa/rsa-verify.c   |  78 +++++---
>  tools/Makefile         |   2 +-
>  10 files changed, 493 insertions(+), 437 deletions(-)
>  create mode 100644 common/image-fit-sig.c

OK, the way this works today we see things like:
            T1042RDB_PI_NAND_SECURE_BOOT: all +706 data +88 rodata +58 spl/u-boot-spl:all +704 spl/u-boot-spl:data +144 spl/u-boot-spl:text +560 text +560
               u-boot: add: 8/0, grow: 0/0 bytes: 584/0 (584)
                 function                                   old     new   delta
                 hash_calculate                               -     192    +192
                 padding_pkcs_15_verify                       -     184    +184
                 rsa_verify                                   -     104    +104
                 crypto_algos                                 -      40     +40
                 checksum_algos                               -      40     +40
                 rsa_sign                                     -       8      +8
                 rsa_add_verify_data                          -       8      +8
                 padding_algos                                -       8      +8
               spl-u-boot-spl: add: 10/0, grow: 0/0 bytes: 618/0 (618)
                 function                                   old     new   delta
                 hash_calculate                               -     192    +192
                 padding_pkcs_15_verify                       -     184    +184
                 rsa_verify                                   -     104    +104
                 crypto_algos                                 -      40     +40
                 checksum_algos                               -      40     +40
                 sha256_der_prefix                            -      19     +19
                 sha1_der_prefix                              -      15     +15
                 rsa_sign                                     -       8      +8
                 rsa_add_verify_data                          -       8      +8
                 padding_algos                                -       8      +8

Which seems wrong, we should be making any changes here opt-in, yes?  Thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20191206/0ec13c61/attachment.sig>

More information about the U-Boot mailing list