[PATCH] rsa: always build pss padding

Tom Rini trini at konsulko.com
Wed Oct 29 23:20:32 CET 2025


On Wed, Oct 29, 2025 at 12:28:53PM +0100, Quentin Schulz wrote:

> From: Quentin Schulz <quentin.schulz at cherry.de>
> 
> One could very well want to verify signed files which aren't a FIT
> image (e.g. via rsa_verify_hash() when $(PHASE_)RSA_VERIFY_WITH_PKEY=y)
> but that is currently only possible if the FIT_SIGNATURE symbol is
> enabled for the stage in which this signed file needs to be verified.
> 
> While we could remove the dependency on FIT_SIGNATURE and find a better
> name for the symbol, let's simply always build support for PSS padding
> when RSA is enabled, like we currently do for pkcs-1.5 padding.
> 
> When $(PHASE_)RSA_VERIFY is enabled on PX30 Ringneck, the difference is
> an additional 904B for the SPL (spl/u-boot-spl.bin) and 1000B for U-Boot
> proper (u-boot-nodtb.bin).
> 
> Signed-off-by: Quentin Schulz <quentin.schulz at cherry.de>
> ---
> Another option is to remove the FIT_SIGNATURE dependency. For context, I
> have a system where U-Boot proper verifies the signature of a few
> binaries thanks to rsa_verify_hash() (see CONFIG_RSA_VERIFY_WITH_PKEY)
> with an embedded public key. We do not use FIT images in proper and I
> would like to avoid building code we don't use to limit the attack
> surface, so I was looking at ways to remove the FIT support in proper
> and this dependency makes it impossible as we use PSS padding.
> 
> The cost of always building all RSA paddings may be too high though, I
> don't know where we should draw the line.

I think the cost of ~900 bytes in SPL for 120 platforms is on the high
side. How about a different symbol? Or would you want this enabled by
default on rockchip and so changing those 120 platforms anyway?

-- 
Tom