[PATCH v5 16/29] efi: Correct dependency on FIT_SIGNATURE
Simon Glass
sjg at chromium.org
Sun Sep 26 03:43:29 CEST 2021
At present EFI_SECURE BOOT selects RSA but does not necessarily enable
FIT_SIGNATURE. Mostly this is fine, but a few boards do not enable it,
so U-Boot tries to do RSA verification when loading FIT images, but it
is not enabled.
This worked because the condition for checking the RSA signature is
wrong in the fit_image_verify_with_data() function. In order to fix it
we need to fix this dependency. Make sure that FIT_SIGNATURE is enabled
so that RSA can be used.
It might be better to avoid using 'select' in this situation.
Signed-off-by: Simon Glass <sjg at chromium.org>
---
(no changes since v1)
lib/efi_loader/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 14bf5f7e92e..c1cc143f354 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -343,7 +343,7 @@ config EFI_LOAD_FILE2_INITRD
config EFI_SECURE_BOOT
bool "Enable EFI secure boot support"
- depends on EFI_LOADER
+ depends on EFI_LOADER && FIT_SIGNATURE
select HASH
select SHA256
select RSA
--
2.33.0.685.g46640cef36-goog
More information about the U-Boot
mailing list