From patchwork Mon Jan 27 10:27:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: AKASHI Takahiro X-Patchwork-Id: 240267 List-Id: U-Boot discussion From: takahiro.akashi at linaro.org (AKASHI Takahiro) Date: Mon, 27 Jan 2020 19:27:35 +0900 Subject: [PATCH v6 2/7] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config In-Reply-To: <20200127102740.26831-1-takahiro.akashi@linaro.org> References: <20200127102740.26831-1-takahiro.akashi@linaro.org> Message-ID: <20200127102740.26831-3-takahiro.akashi@linaro.org> In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY, rsa_verify() will be extended to be able to perform RSA decryption without additional RSA key properties from FIT image, i.e. rr and n0inv. Signed-off-by: AKASHI Takahiro Reviewed-by: Simon Glass --- lib/rsa/Kconfig | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 18a075c17478..89697219db2d 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -28,6 +28,20 @@ config RSA_VERIFY help Add RSA signature verification support. +config RSA_VERIFY_WITH_PKEY + bool "Execute RSA verification without key parameters from FDT" + select RSA_VERIFY + help + The standard RSA-signature verification code (FIT_SIGNATURE) uses + pre-calculated key properties, that are stored in fdt blob, in + decrypting a signature. + This does not suit the use case where there is no way defined to + provide such additional key properties in standardized form, + particularly UEFI secure boot. + This options enables RSA signature verification with a public key + directly specified in image_sign_info, where all the necessary + key properties will be calculated on the fly in verification code. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM