[RFC PATCH v1] lib: rsa: introduce RSA_SOFTWARE_EXP_TINY

Igor Opaniuk igor.opaniuk at foundries.io
Fri Apr 16 10:10:38 CEST 2021


From: Igor Opaniuk <igor.opaniuk at foundries.io>

Introduce RSA_SOFTWARE_EXP_TINY Kconfig option, which does not require
DM to be enabled. This can be handy on devices, where SPL + signed
U-Boot FIT image setup is used, where it isn't possible to enable SPL_DM
mainly due to SRAM size constraits.

For example, on iMX8MM with this option enabled and SPL_DM disabled
it's possible to save almost 11Kb:

With RSA_SOFTWARE_EXP_TINY enabled:
spl/u-boot-spl-nodtb.bin 99824

Without:
spl/u-boot-spl-nodtb.bin 111088

Signed-off-by: Igor Opaniuk <igor.opaniuk at foundries.io>
---

 lib/rsa/Kconfig      | 11 ++++++++++-
 lib/rsa/rsa-verify.c |  8 ++++----
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index a90d67e5a8..03692b73bb 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -1,7 +1,8 @@
 config RSA
 	bool "Use RSA Library"
 	select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX6 && !ARCH_MX5
-	select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP
+	select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP && DM
+	select RSA_SOFTWARE_EXP_TINY if !RSA_FREESCALE_EXP && !DM
 	help
 	  RSA support. This enables the RSA algorithm used for FIT image
 	  verification in U-Boot.
@@ -45,6 +46,14 @@ config RSA_VERIFY_WITH_PKEY
 	  directly specified in image_sign_info, where all the necessary
 	  key properties will be calculated on the fly in verification code.
 
+config RSA_SOFTWARE_EXP_TINY
+	bool "Enable non-DM RSA Modular Exponentiation software implementation"
+	help
+	  Enable modular exponentiation implementation in software, which
+	  does not require Driver Model to be enabled. This is a RSA algorithm
+	  used in FIT image verification. It required RSA Key as input.
+	  See doc/uImage.FIT/signature.txt for more details.
+
 config RSA_SOFTWARE_EXP
 	bool "Enable driver for RSA Modular Exponentiation in software"
 	depends on DM
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index aee76f42d5..0162253636 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -319,7 +319,7 @@ static int rsa_verify_key(struct image_sign_info *info,
 			  const uint32_t key_len)
 {
 	int ret;
-#if !defined(USE_HOSTCC)
+#if !(defined(USE_HOSTCC) || defined(RSA_SOFTWARE_EXP_TINY))
 	struct udevice *mod_exp_dev;
 #endif
 	struct checksum_algo *checksum = info->checksum;
@@ -346,7 +346,9 @@ static int rsa_verify_key(struct image_sign_info *info,
 	uint8_t buf[sig_len];
 	hash_len = checksum->checksum_len;
 
-#if !defined(USE_HOSTCC)
+#if defined(USE_HOSTCC) || defined(RSA_SOFTWARE_EXP_TINY)
+	ret = rsa_mod_exp_sw(sig, sig_len, prop, buf);
+#else
 	ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
 	if (ret) {
 		printf("RSA: Can't find Modular Exp implementation\n");
@@ -354,8 +356,6 @@ static int rsa_verify_key(struct image_sign_info *info,
 	}
 
 	ret = rsa_mod_exp(mod_exp_dev, sig, sig_len, prop, buf);
-#else
-	ret = rsa_mod_exp_sw(sig, sig_len, prop, buf);
 #endif
 	if (ret) {
 		debug("Error in Modular exponentation\n");
-- 
2.25.1



More information about the U-Boot mailing list