[PATCH v2 4/6] boot: allow SPL FIT signature verification without DM
Simon Glass
sjg at chromium.org
Thu May 7 18:49:17 CEST 2026
Hi Quentin,
On Thu, 7 May 2026 at 05:17, Quentin Schulz <quentin.schulz at cherry.de> wrote:
>
> Hi Lukas,
>
> On 5/1/26 12:33 AM, Lukas Schmid wrote:
> > SPL FIT verification was effectively tied to Driver Model. The RSA
> > verifier assumed a DM-backed modexp device, and SPL_FIT_SIGNATURE
> > depended on SPL_DM. This prevents non-DM SPL platforms from using
> > FIT signature verification even though the software modular exponent
> > fallback is already available.
> >
> > Drop the hard SPL_DM dependency and only look up the modexp device
> > when DM is enabled. Non-DM SPL builds then fall back to the software
> > implementation and can enable signed FIT verification.
> >
> > Signed-off-by: Lukas Schmid <lukas.schmid at netcube.li>
> > ---
> > boot/Kconfig | 1 -
> > lib/rsa/rsa-verify.c | 16 ++++++++++------
> > 2 files changed, 10 insertions(+), 7 deletions(-)
> >
> > diff --git a/boot/Kconfig b/boot/Kconfig
> > index 4e9bc9491a0..6ccb7d44a5e 100644
> > --- a/boot/Kconfig
> > +++ b/boot/Kconfig
> > @@ -202,7 +202,6 @@ config SPL_FIT_FULL_CHECK
> >
> > config SPL_FIT_SIGNATURE
> > bool "Enable signature verification of FIT firmware within SPL"
> > - depends on SPL_DM
> > depends on SPL_LOAD_FIT
> > select FIT_SIGNATURE
> > select SPL_FIT
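Review bot: dropping `depends on SPL_DM` removes the only Kconfig guarantee that SPL_FIT_SIGNATURE has a modular-exponentiation backend at all, and as the reply below points out, RSA_SOFTWARE_EXP, which the non-DM path now relies on, still itself depends on DM, so a non-DM SPL can select signature verification with no backend built in. Express the fallback in Kconfig rather than leaving it implicit, e.g. `depends on SPL_DM || RSA_SOFTWARE_EXP`, and fix the RSA_SOFTWARE_EXP dependency in the same series so that the combination is actually buildable.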
> > diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
> > index 3169c3a6dd1..24b23ab565a 100644
> > --- a/lib/rsa/rsa-verify.c
> > +++ b/lib/rsa/rsa-verify.c
> > @@ -355,13 +355,17 @@ static int rsa_verify_key(struct image_sign_info *info,
> > hash_len = checksum->checksum_len;
> >
> > #if !defined(USE_HOSTCC)
> > - ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
> > - if (ret) {
> > - printf("RSA: Can't find Modular Exp implementation\n");
> > - return -EINVAL;
> > - }
> > + if (CONFIG_IS_ENABLED(DM)) {
> > + ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
> > + if (ret) {
> > + printf("RSA: Can't find Modular Exp implementation\n");
> > + return -EINVAL;
> > + }
> >
> > - ret = rsa_mod_exp(mod_exp_dev, sig, sig_len, prop, buf);
> > + ret = rsa_mod_exp(mod_exp_dev, sig, sig_len, prop, buf);
> > + } else {
> > + ret = rsa_mod_exp_sw(sig, sig_len, prop, buf);
> > + }
>
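Review bot: the `else` branch calls rsa_mod_exp_sw() unconditionally, but as noted below that function only exists when CONFIG_RSA_SOFTWARE_EXP is enabled, so a non-DM SPL built without it will fail to link; guard the call (e.g. `if (CONFIG_IS_ENABLED(RSA_SOFTWARE_EXP))`) and otherwise keep the existing `printf("RSA: Can't find Modular Exp implementation\n"); return -EINVAL;` path so verification fails closed rather than proceeding with no backend. Second, the DM branch still returns -EINVAL when uclass_get_device() finds no UCLASS_MOD_EXP device even though the software path is now reachable from this function; if the fallback is wanted there too (the reply below asks exactly this), restructure as one sequence: try the DM device, then the software implementation if compiled in, then error.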
> Mmmmm I'm wondering if in the event we build with DM support but cannot
> find a modexp implem we shouldn't default to the software implem if
> available? Security-wise I'm not sure we're losing here, it's just that
> I'm assuming SW-based RSA verification is slower than HW-based, no?
>
> Also, this function is only defined when CONFIG_RSA_SOFTWARE_EXP is
> enabled (and we don't have a toggle for xPL phases (should we?)), so we
> need to handle this here to avoid breaking builds.
Right
>
> Finally, I still see RSA_SOFTWARE_EXP depends on DM at the Kconfig
> level. So bringing this in SPL seems wrong, as we would depend on U-Boot
> proper having DM enabled for it to work in xPL. So either the dependency
> is incorrect or we're missing something in SPL. With a cursory look at
> it, it seems DM isn't required so maybe we can drop it.
Re DM, there is a UCLASS_MOD_EXP so we can support
hardware-accelerated verification.
Regards,
Simon
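As an added illustration of the backend-selection question raised in this thread (added here, not code from the patch, the thread, or U-Boot): a fail-closed modular-exponentiation dispatcher in C. `hw_modexp_lookup`, `fake_hw_modexp`, `sw_modexp`, `modexp_dispatch`, `toy_rsa_verify` and the `HAVE_SW_MODEXP` macro are hypothetical stand-ins for the UCLASS_MOD_EXP lookup, rsa_mod_exp_sw() and CONFIG_RSA_SOFTWARE_EXP; the 64-bit textbook RSA numbers are constructed for the example and are nowhere near a real key size.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for CONFIG_IS_ENABLED(RSA_SOFTWARE_EXP); build with
 * -DHAVE_SW_MODEXP=0 to see the fail-closed path with no software fallback. */
#ifndef HAVE_SW_MODEXP
#define HAVE_SW_MODEXP 1
#endif

typedef int (*modexp_fn)(uint64_t base, uint64_t exp, uint64_t mod,
                         uint64_t *out);

static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m)
{
    return (uint64_t)(((unsigned __int128)a * b) % m);
}

/* Stand-in for the UCLASS_MOD_EXP lookup: with DM disabled there is nothing
 * to look up; with DM enabled the device may still be absent (NULL). */
static modexp_fn hw_modexp_lookup(int dm_enabled, modexp_fn hw_impl)
{
    return dm_enabled ? hw_impl : NULL;
}

/* Toy "accelerator" (constructed, not real hardware): a deliberately naive
 * implementation so the two backends are distinguishable. */
static int fake_hw_modexp(uint64_t base, uint64_t exp, uint64_t mod,
                          uint64_t *out)
{
    uint64_t r = 1;
    if (mod == 0)
        return -EINVAL;
    for (uint64_t i = 0; i < exp; i++)
        r = mulmod(r, base, mod);
    *out = r;
    return 0;
}

#if HAVE_SW_MODEXP
/* Software square-and-multiply, the analogue of rsa_mod_exp_sw(): only
 * compiled when the software fallback is configured. */
static int sw_modexp(uint64_t base, uint64_t exp, uint64_t mod, uint64_t *out)
{
    uint64_t r = 1, b;
    if (mod == 0)
        return -EINVAL;
    b = base % mod;
    while (exp) {
        if (exp & 1)
            r = mulmod(r, b, mod);
        b = mulmod(b, b, mod);
        exp >>= 1;
    }
    *out = r;
    return 0;
}
#endif

/* Backend selection: accelerator if a device exists, software if compiled
 * in, otherwise -ENODEV. Verification never proceeds without a backend. */
static int modexp_dispatch(int dm_enabled, modexp_fn hw_impl,
                           uint64_t base, uint64_t exp, uint64_t mod,
                           uint64_t *out, const char **used)
{
    modexp_fn hw = hw_modexp_lookup(dm_enabled, hw_impl);

    if (hw) {
        *used = "hw";
        return hw(base, exp, mod, out);
    }
#if HAVE_SW_MODEXP
    *used = "sw";
    return sw_modexp(base, exp, mod, out);
#else
    (void)base; (void)exp; (void)mod; (void)out;
    *used = "none";
    printf("RSA: no modular exponentiation backend available\n");
    return -ENODEV;
#endif
}

/* Toy RSA check on constructed textbook numbers (n = 3233, exponent pair
 * 17/2753): verifying with 2753, "signature" 2790 recovers message 65. */
static int toy_rsa_verify(int dm_enabled, modexp_fn hw_impl,
                          uint64_t sig, uint64_t exp, uint64_t n,
                          uint64_t expected, const char **used)
{
    uint64_t m;
    int ret = modexp_dispatch(dm_enabled, hw_impl, sig, exp, n, &m, used);

    if (ret)
        return ret;           /* fail closed: a missing backend is an error */
    return m == expected ? 0 : -EBADMSG;
}

int main(void)
{
    const char *used;
    int ret = toy_rsa_verify(1, NULL, 2790, 2753, 3233, 65, &used);

    printf("DM on, no device: ret=%d backend=%s\n", ret, used);
    ret = toy_rsa_verify(0, NULL, 2790, 2753, 3233, 65, &used);
    printf("DM off: ret=%d backend=%s\n", ret, used);
    return 0;
}
```

The point of the layout is the order of the checks: the DM device is preferred, the software path is taken whenever no device is found (the "DM on but no modexp device" case the thread discusses), the software function itself only exists under the configuration macro so a build without it cannot reference it, and when neither exists the dispatcher returns an error that the verify routine propagates instead of treating the image as verified.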