[PATCH v5 4/5] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY
Alexandru Gagniuc
mr.nuke.me at gmail.com
Mon May 17 20:39:03 CEST 2021
FIT signatures can now be implemented with ECDSA. The assumption that
all FIT images are signed with RSA is no longer valid. Thus, instead
of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
but allows one to explicitly disable RSA support.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
Reviewed-by: Simon Glass <sjg at chromium.org>
---
common/Kconfig.boot | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 03a6e6f214..1527e3e600 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -76,8 +76,8 @@ config FIT_SIGNATURE
bool "Enable signature verification of FIT uImages"
depends on DM
select HASH
- select RSA
- select RSA_VERIFY
+ imply RSA
+ imply RSA_VERIFY
select IMAGE_SIGN_INFO
select FIT_FULL_CHECK
help
@@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE
select SPL_FIT
select SPL_CRYPTO_SUPPORT
select SPL_HASH_SUPPORT
- select SPL_RSA
- select SPL_RSA_VERIFY
+ imply SPL_RSA
+ imply SPL_RSA_VERIFY
select SPL_IMAGE_SIGN_INFO
select SPL_FIT_FULL_CHECK
--
2.31.1
More information about the U-Boot
mailing list