[PATCH v5 4/5] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY
Igor Opaniuk
igor.opaniuk at foundries.io
Mon May 17 21:10:26 CEST 2021
On Mon, May 17, 2021 at 9:40 PM Alexandru Gagniuc <mr.nuke.me at gmail.com> wrote:
>
> FIT signatures can now be implemented with ECDSA. The assumption that
> all FIT images are signed with RSA is no longer valid. Thus, instead
> of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
> but allows one to explicitly disable RSA support.
>
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> Reviewed-by: Simon Glass <sjg at chromium.org>
> ---
> common/Kconfig.boot | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/common/Kconfig.boot b/common/Kconfig.boot
> index 03a6e6f214..1527e3e600 100644
> --- a/common/Kconfig.boot
> +++ b/common/Kconfig.boot
> @@ -76,8 +76,8 @@ config FIT_SIGNATURE
> bool "Enable signature verification of FIT uImages"
> depends on DM
> select HASH
> - select RSA
> - select RSA_VERIFY
> + imply RSA
> + imply RSA_VERIFY
> select IMAGE_SIGN_INFO
> select FIT_FULL_CHECK
> help
> @@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE
> select SPL_FIT
> select SPL_CRYPTO_SUPPORT
> select SPL_HASH_SUPPORT
> - select SPL_RSA
> - select SPL_RSA_VERIFY
> + imply SPL_RSA
> + imply SPL_RSA_VERIFY
> select SPL_IMAGE_SIGN_INFO
> select SPL_FIT_FULL_CHECK
>
> --
> 2.31.1
>
Reviewed-by: Igor Opaniuk <igor.opaniuk at foundries.io>
--
Best regards - Freundliche Grüsse - Meilleures salutations
Igor Opaniuk
Embedded Software Engineer
T: +380 938364067
E: igor.opaniuk at foundries.io
W: www.foundries.io
More information about the U-Boot
mailing list