[PATCH v2 37/50] image: Drop IMAGE_ENABLE_SIGN/VERIFY defines
sjg at chromium.org
Fri May 14 22:44:35 CEST 2021
On Fri, 14 May 2021 at 14:38, Alex G. <mr.nuke.me at gmail.com> wrote:
> On 5/6/21 9:24 AM, Simon Glass wrote:
> > Add host Kconfigs for FIT_SIGN and RSA_VERIFY. With these we can use
> > CONFIG_IS_ENABLED() directly in the host build, so drop the unnecessary
> > indirections IMAGE_ENABLE_SIGN and HOST_RSA_VERIFY. Also drop
> > FIT_IMAGE_ENABLE_VERIFY which is not actually used.
> > Leave IMAGE_ENABLE_VERIFY_ECDSA along since this feature is incomplete
> > and needs to be integrated with RSA.
> > Signed-off-by: Simon Glass <sjg at chromium.org>
> > ---
> > (no changes since v1)
> > common/image-fit.c | 6 +++---
> > common/image-sig.c | 10 +++++-----
> > include/image.h | 13 ++-----------
> > include/u-boot/ecdsa.h | 2 +-
> > include/u-boot/rsa.h | 4 ++--
> > tools/Kconfig | 10 ++++++++++
> > tools/image-host.c | 4 ++--
> > 7 files changed, 25 insertions(+), 24 deletions(-)
> > diff --git a/common/image-fit.c b/common/image-fit.c
> > index c13ff6bba24..e81a0858dc1 100644
> > --- a/common/image-fit.c
> > +++ b/common/image-fit.c
> > @@ -1301,7 +1301,7 @@ int fit_image_verify_with_data(const void *fit, int image_noffset,
> > int ret;
> > /* Verify all required signatures */
> > - if (FIT_IMAGE_ENABLE_VERIFY &&
> > + if (CONFIG_IS_ENABLED(RSA_VERIFY) &&
> NAK. Having verification depend directly on CONFIG_RSA_VERIFY will make
> adding ECDSA support that much more convoluted.
Let me counter-NAK.
The ECDSA needs to be integrated into the RSA stuff, as we have done
with hashing. E.g. CONFIG_VERIFY that enables the feature, with a
driver to select which methods are supported.
I think I mentioned that in the original review.
More information about the U-Boot