[PATCH v4 2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config

Tue Jan 21 16:34:59 CET 2020

On Tue, Jan 21, 2020 at 01:29:58PM +0900, AKASHI Takahiro wrote:
> Tom, Simon,
> 
> On Fri, Jan 17, 2020 at 06:59:44AM +0100, Heinrich Schuchardt wrote:
> > On 1/17/20 3:24 AM, AKASHI Takahiro wrote:
> > >On Tue, Jan 14, 2020 at 12:43:40PM +0100, Heinrich Schuchardt wrote:
> > >>On 1/14/20 8:45 AM, AKASHI Takahiro wrote:
> > >>>On Wed, Jan 08, 2020 at 01:35:13PM +0100, Heinrich Schuchardt wrote:
> > >>>>On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
> > >>>>>In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
> > >>>>>rsa_verify() will be extended to be able to perform RSA decryption without
> > >>>>>additional RSA key properties from FIT image, i.e. rr and n0inv.
> > >>>>>
> > >>>>>Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
> > >>>>>Reviewed-by: Simon Glass <sjg at chromium.org>
> > >>>>
> > >>>>The patch series does not build for some configurations.
> > >>>>
> > >>>>>---
> > >>>>>  lib/rsa/Kconfig | 14 ++++++++++++++
> > >>>>>  1 file changed, 14 insertions(+)
> > >>>>>
> > >>>>>diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> > >>>>>index 03ffa2969048..71e4c06bf883 100644
> > >>>>>--- a/lib/rsa/Kconfig
> > >>>>>+++ b/lib/rsa/Kconfig
> > >>>>>@@ -30,6 +30,20 @@ config RSA_VERIFY
> > >>>>>  	help
> > >>>>>  	  Add RSA signature verification support.
> > >>>>>
> > >>>>>+config RSA_VERIFY_WITH_PKEY
> > >>>>
> > >>>>For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
> > >>>>I get an error:
> > >>>
> > >>>This error is inevitable as both RSA_VERIFY_WITH_PKEY and
> > >>>RSA_PUBLIC_KEY_PARSER are "select"able configurations with
> > >>>visible prompts and then
> > >>
> > >>No, it is not inevitbable. Just ensure that in the Makefiles all modules
> > >>are selected that you need for your configuration.
> > >
> > >How?
> > >Can you please show me a simple solution?
> > 
> 
> Which is your choice as a maintainer/author of lib/rsa?
> 
> In my opinion,
> 
> > ifneq($(CONFIG_RSA_VERIFY_WITH_PKEY)$(CONFIG_RSA_PUBLIC_KEY_PARSER),)
> > obj-y += foo.o
> > endif
> 
> I will take this by a process of elimination.
> 
> > or
> > 
> > config RSA_VERIFY_WITH_PKEY
> > 	depends on RSA_PUBLIC_KEY_PARSER
> 
> I normally use "depends on" to select a subset feature of the target.
> 
> > or
> > 
> > config RSA_VERIFY_WITH_PKEY
> > 	select RSA_PUBLIC_KEY_PARSER
> 
> Nak, as I said, because RSA_PUBLIC_KEY_PARSER is a visible configuration symbol.

This is getting a bit complicated.  So, if and only if
RSA_VERIFY_WITH_PKEY and RSA_PUBLIC_KEY_PARSER can be functional without
the other enabled:
obj-$(CONFIG_RSA_VERIFY_WITH_PKEY) += verify-with-pkey.o common-thing.o
obj-$(CONFIG_RSA_PUBLIC_KEY_PARSER) += public-key-parser.o common-thing.o
and we don't need to do anything extra with depends/select.  There's
nothing wrong with listing an object multiple times, it gets sorted
correctly.

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20200121/13c000ca/attachment.sig>