[PATCH 010/149] rsa-verify: Rework host check for CONFIG_RSA_VERIFY_WITH_PKEY

Simon Glass sjg at chromium.org
Sun Dec 4 22:17:00 CET 2022


Hi Tom,

On Mon, 5 Dec 2022 at 04:07, Tom Rini <trini at konsulko.com> wrote:
>
> While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we
> cannot undef the symbol in this manner. As this ends up only being a
> single location in a file that already has other checks for HOST_CC, add
> one more HOST_CC check instead.
>
> Signed-off-by: Tom Rini <trini at konsulko.com>
> ---
>  lib/rsa/rsa-verify.c | 7 ++-----
>  1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
> index 9605c376390a..0662235be6f1 100644
> --- a/lib/rsa/rsa-verify.c
> +++ b/lib/rsa/rsa-verify.c
> @@ -23,18 +23,13 @@
>  #include <u-boot/rsa-mod-exp.h>
>  #include <u-boot/rsa.h>
>
> -#ifndef __UBOOT__
>  /*
>   * NOTE:
>   * Since host tools, like mkimage, make use of openssl library for
>   * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
>   * of no use and should not be compiled in.
> - * So just turn off CONFIG_RSA_VERIFY_WITH_PKEY.
>   */
>
> -#undef CONFIG_RSA_VERIFY_WITH_PKEY
> -#endif
> -
>  /* Default public exponent for backward compatibility */
>  #define RSA_DEFAULT_PUBEXP     65537
>
> @@ -506,6 +501,7 @@ int rsa_verify_hash(struct image_sign_info *info,
>  {
>         int ret = -EACCES;
>
> +#if !defined(USE_HOSTCC)

you can use

if tools_build()

here, I believe. I've been trying to avoid #if USE_HOSTCC

>         if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) {
>                 /* don't rely on fdt properties */
>                 ret = rsa_verify_with_pkey(info, hash, sig, sig_len);
> @@ -513,6 +509,7 @@ int rsa_verify_hash(struct image_sign_info *info,
>                         debug("%s: rsa_verify_with_pkey() failed\n", __func__);
>                 return ret;
>         }
> +#endif
>
>         if (CONFIG_IS_ENABLED(FIT_SIGNATURE)) {
>                 const void *blob = info->fdt_blob;
> --
> 2.25.1
>

Regards,
Simon


More information about the U-Boot mailing list