[RFC PATCH v1] lib: rsa: introduce RSA_SOFTWARE_EXP_TINY
Igor Opaniuk
igor.opaniuk at foundries.io
Fri Apr 16 10:10:38 CEST 2021
From: Igor Opaniuk <igor.opaniuk at foundries.io>
Introduce RSA_SOFTWARE_EXP_TINY Kconfig option, which does not require
DM to be enabled. This can be handy on devices, where SPL + signed
U-Boot FIT image setup is used, where it isn't possible to enable SPL_DM
mainly due to SRAM size constraits.
For example, on iMX8MM with this option enabled and SPL_DM disabled
it's possible to save almost 11Kb:
With RSA_SOFTWARE_EXP_TINY enabled:
spl/u-boot-spl-nodtb.bin 99824
Without:
spl/u-boot-spl-nodtb.bin 111088
Signed-off-by: Igor Opaniuk <igor.opaniuk at foundries.io>
---
lib/rsa/Kconfig | 11 ++++++++++-
lib/rsa/rsa-verify.c | 8 ++++----
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index a90d67e5a8..03692b73bb 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -1,7 +1,8 @@
config RSA
bool "Use RSA Library"
select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX6 && !ARCH_MX5
- select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP
+ select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP && DM
+ select RSA_SOFTWARE_EXP_TINY if !RSA_FREESCALE_EXP && !DM
help
RSA support. This enables the RSA algorithm used for FIT image
verification in U-Boot.
@@ -45,6 +46,14 @@ config RSA_VERIFY_WITH_PKEY
directly specified in image_sign_info, where all the necessary
key properties will be calculated on the fly in verification code.
+config RSA_SOFTWARE_EXP_TINY
+ bool "Enable non-DM RSA Modular Exponentiation software implementation"
+ help
+ Enable modular exponentiation implementation in software, which
+ does not require Driver Model to be enabled. This is a RSA algorithm
+ used in FIT image verification. It required RSA Key as input.
+ See doc/uImage.FIT/signature.txt for more details.
+
config RSA_SOFTWARE_EXP
bool "Enable driver for RSA Modular Exponentiation in software"
depends on DM
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index aee76f42d5..0162253636 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -319,7 +319,7 @@ static int rsa_verify_key(struct image_sign_info *info,
const uint32_t key_len)
{
int ret;
-#if !defined(USE_HOSTCC)
+#if !(defined(USE_HOSTCC) || defined(RSA_SOFTWARE_EXP_TINY))
struct udevice *mod_exp_dev;
#endif
struct checksum_algo *checksum = info->checksum;
@@ -346,7 +346,9 @@ static int rsa_verify_key(struct image_sign_info *info,
uint8_t buf[sig_len];
hash_len = checksum->checksum_len;
-#if !defined(USE_HOSTCC)
+#if defined(USE_HOSTCC) || defined(RSA_SOFTWARE_EXP_TINY)
+ ret = rsa_mod_exp_sw(sig, sig_len, prop, buf);
+#else
ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
if (ret) {
printf("RSA: Can't find Modular Exp implementation\n");
@@ -354,8 +356,6 @@ static int rsa_verify_key(struct image_sign_info *info,
}
ret = rsa_mod_exp(mod_exp_dev, sig, sig_len, prop, buf);
-#else
- ret = rsa_mod_exp_sw(sig, sig_len, prop, buf);
#endif
if (ret) {
debug("Error in Modular exponentation\n");
--
2.25.1
More information about the U-Boot
mailing list