[PATCHv2 010/149] rsa-verify: Rework host check for CONFIG_RSA_VERIFY_WITH_PKEY

AKASHI Takahiro takahiro.akashi at linaro.org
Tue Dec 6 03:59:06 CET 2022


On Sun, Dec 04, 2022 at 05:37:06PM -0500, Tom Rini wrote:
> While we do not want to use CONFIG_RSA_VERIFY_WITH_PKEY on the host, we
> cannot undef the symbol in this manner. As this ends up being a test
> within another function we can use !tools_build() as a test here.
> 
> Cc: Simon Glass <sjg at chromium.org>
> Signed-off-by: Tom Rini <trini at konsulko.com>
> ---
> Changes in v2:
> - Switch to !tools_build() per Simon
> ---
>  lib/rsa/rsa-verify.c | 8 ++------
>  1 file changed, 2 insertions(+), 6 deletions(-)
> 
> diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
> index 9605c376390a..db2aca5385a9 100644
> --- a/lib/rsa/rsa-verify.c
> +++ b/lib/rsa/rsa-verify.c
> @@ -23,18 +23,13 @@
>  #include <u-boot/rsa-mod-exp.h>
>  #include <u-boot/rsa.h>
>  
> -#ifndef __UBOOT__
>  /*
>   * NOTE:
>   * Since host tools, like mkimage, make use of openssl library for
>   * RSA encryption, rsa_verify_with_pkey()/rsa_gen_key_prop() are
>   * of no use and should not be compiled in.
> - * So just turn off CONFIG_RSA_VERIFY_WITH_PKEY.
>   */

I think you can delete the whole comment here.
If you think it's still helpful, please place it below
in the function.

-Takahiro Akashi

> -#undef CONFIG_RSA_VERIFY_WITH_PKEY
> -#endif
> -
>  /* Default public exponent for backward compatibility */
>  #define RSA_DEFAULT_PUBEXP	65537
>  
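Review bot: The NOTE comment kept at the top of this hunk no longer matches any code at file scope. With the `#ifndef __UBOOT__` / `#undef CONFIG_RSA_VERIFY_WITH_PKEY` pair removed, it still says rsa_verify_with_pkey()/rsa_gen_key_prop() "should not be compiled in", but nothing in these lines does that any more. Either drop it or move a reworded version next to the `!tools_build()` test in rsa_verify_hash(), saying that the host path is skipped there. Since the symbol is no longer undefined for tools, the commit message should also confirm that a host build still links when the board config sets CONFIG_RSA_VERIFY_WITH_PKEY.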
> @@ -506,7 +501,8 @@ int rsa_verify_hash(struct image_sign_info *info,
>  {
>  	int ret = -EACCES;
>  
> -	if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) {
> +	if (!tools_build() && CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) &&
> +			!info->fdt_blob) {
>  		/* don't rely on fdt properties */
>  		ret = rsa_verify_with_pkey(info, hash, sig, sig_len);
>  		if (ret)
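Review bot: The new condition `!tools_build() && CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob` has no comment explaining why host builds are excluded, and the existing `/* don't rely on fdt properties */` only covers the fdt_blob operand. A short comment above the `if`, noting that host tools verify through openssl and must not reach rsa_verify_with_pkey(), would preserve what the removed file-scope note explained. The change also relies on tools_build() folding to a compile-time constant, so that the call is dropped from host builds rather than left as an unresolved reference. That assumption is worth stating in the comment or the commit message. As a style point, the continuation line `!info->fdt_blob) {` would read better aligned under the first operand after the opening parenthesis.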
> -- 
> 2.25.1
> 

