[PATCH] rsa: always build pss padding

Quentin Schulz quentin.schulz at cherry.de
Thu Oct 30 18:06:50 CET 2025
On 10/30/25 11:21 AM, Quentin Schulz wrote:
> Hi Tom.
> 
> On 10/29/25 11:20 PM, Tom Rini wrote:
>> On Wed, Oct 29, 2025 at 12:28:53PM +0100, Quentin Schulz wrote:
>>
>>> From: Quentin Schulz <quentin.schulz at cherry.de>
>>>
>>> One could very well want to verify signed files which aren't a FIT
>>> image (e.g. via rsa_verify_hash() when $(PHASE_)RSA_VERIFY_WITH_PKEY=y)
>>> but that is currently only possible if the FIT_SIGNATURE symbol is
>>> enabled for the stage this signed file needs to be verified.
>>>
>>> While we could remove the dependency on FIT_SIGNATURE and find a better
>>> name for the symbol, let's simply always build support for PSS padding
>>> when RSA is enabled, like we currently do for pkcs-1.5 padding.
>>>
>>> When $(PHASE_)RSA_VERIFY is enabled on PX30 Ringneck, the difference is
>>> an additional 904B for the SPL (spl/u-boot-spl.bin) and 1000B for U-Boot
>>> proper (u-boot-nodtb.bin).
>>>
>>> Signed-off-by: Quentin Schulz <quentin.schulz at cherry.de>
>>> ---
>>> Another option is to remove the FIT_SIGNATURE dependency. For context, I
>>> have a system where U-Boot proper verifies the signature of a few
>>> binaries thanks to rsa_verify_hash() (see CONFIG_RSA_VERIFY_WITH_PKEY)
>>> with an embedded public key. We do not use FIT images in proper and I
>>> would like to avoid building code we don't use to limit the attack
>>> surface, so I was looking at ways to remove the FIT support in proper
>>> and this dependency makes it impossible as we use PSS padding.
>>>
>>> The cost of always building all RSA paddings may be too high though, I
>>> don't know where we should draw the line.
>>
>> I think the cost of ~900 bytes in SPL for 120 platforms is on the high
>> side. How about a different symbol? Or would you want this enabled by
> 
> Yeah that was my assumption as well.
> 
> I think I will go with renaming the symbol to RSASSA_PSS (and
> SPL_RSASSA_PSS) and only make it depend on RSA (and SPL_RSA), then move
> the symbol to lib/rsa/Kconfig.
> 
> How does that sound?
> 
> I'm not sure I understand why we made PSS padding an option for the
> tools though... I'm thinking about removing the TOOLS_RSASSA_PSS symbol

Answering myself: the option is actually `def_bool y` so always built
in. It's there so that CONFIG_IS_ENABLED(FIT_RSASSA_PSS) can be resolved
when building for tools.

Meanwhile, I'm looking into getting rid of FIT support in proper but
still having it in SPL, but I'm hitting issues with symbols all
around. Let's see what I can do :)

Cheers,
Quentin
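As an added illustration, and not the patch under discussion nor U-Boot's actual lib/rsa/Kconfig, here is a hypothetical fragment for the renaming proposed above, where the PSS symbols depend only on RSA and SPL_RSA so that rsa_verify_hash() callers can use PSS padding without enabling FIT_SIGNATURE; the prompts, help text and defaults are assumptions.

```kconfig
# Hypothetical fragment (added example), not U-Boot's real lib/rsa/Kconfig.
config RSASSA_PSS
	bool "Support RSASSA-PSS padding for RSA signature verification"
	depends on RSA
	help
	  Build the RSASSA-PSS padding scheme into U-Boot proper. PKCS#1 v1.5
	  padding is always built when RSA is enabled; PSS stays optional so
	  platforms that only verify v1.5 signatures do not pay for it.

config SPL_RSASSA_PSS
	bool "Support RSASSA-PSS padding in SPL"
	depends on SPL_RSA
	help
	  Same as RSASSA_PSS, but for the SPL phase. Only enable it if the
	  signed payloads SPL verifies actually use PSS padding, since the
	  thread above measured roughly 900 bytes of extra SPL code for it.
```

With phase-prefixed symbols like these, CONFIG_IS_ENABLED(RSASSA_PSS) in lib/rsa resolves to CONFIG_RSASSA_PSS for U-Boot proper and CONFIG_SPL_RSASSA_PSS for SPL, so the PSS code is compiled only into the phases that selected it.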