[PATCH v6 06/16] lib: rsa: allow rsa verify with pkey in SPL
Philippe Reynes
philippe.reynes at softathome.com
Fri Feb 25 15:57:44 CET 2022
This commit adds the option SPL_RSA_VERIFY_WITH_PKEY.
Reviewed-by: Simon Glass <sjg at chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
---
lib/rsa/Kconfig | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index be9775bcce..b773f17c26 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -47,6 +47,25 @@ config RSA_VERIFY_WITH_PKEY
directly specified in image_sign_info, where all the necessary
key properties will be calculated on the fly in verification code.
+config SPL_RSA_VERIFY_WITH_PKEY
+ bool "Execute RSA verification without key parameters from FDT within SPL"
+ depends on SPL
+ select SPL_RSA_VERIFY
+ select SPL_ASYMMETRIC_KEY_TYPE
+ select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select SPL_RSA_PUBLIC_KEY_PARSER
+ help
+ The standard RSA-signature verification code (FIT_SIGNATURE) uses
+ pre-calculated key properties, that are stored in fdt blob, in
+ decrypting a signature.
+ This does not suit the use case where there is no way defined to
+ provide such additional key properties in standardized form,
+ particularly UEFI secure boot.
+ This options enables RSA signature verification with a public key
+ directly specified in image_sign_info, where all the necessary
+ key properties will be calculated on the fly in verification code
+ in the SPL.
+
config RSA_SOFTWARE_EXP
bool "Enable driver for RSA Modular Exponentiation in software"
depends on DM
--
2.17.1
More information about the U-Boot
mailing list