From: Philippe Reynes Date: Mon, 28 Mar 2022 20:56:58 +0000 (+0200) Subject: lib: rsa: allow rsa verify with pkey in SPL X-Git-Tag: v2025.01-rc5-pxa1908~1478^2~4^2~9 X-Git-Url: http://git.dujemihanovic.xyz/img/sics.gif?a=commitdiff_plain;h=f6bacf1d489090c8fca1d442cedd8902d8f5acec;p=u-boot.git lib: rsa: allow rsa verify with pkey in SPL This commit adds the option SPL_RSA_VERIFY_WITH_PKEY. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index be9775bcce..b773f17c26 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -47,6 +47,25 @@ config RSA_VERIFY_WITH_PKEY directly specified in image_sign_info, where all the necessary key properties will be calculated on the fly in verification code. +config SPL_RSA_VERIFY_WITH_PKEY + bool "Execute RSA verification without key parameters from FDT within SPL" + depends on SPL + select SPL_RSA_VERIFY + select SPL_ASYMMETRIC_KEY_TYPE + select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_RSA_PUBLIC_KEY_PARSER + help + The standard RSA-signature verification code (FIT_SIGNATURE) uses + pre-calculated key properties, that are stored in fdt blob, in + decrypting a signature. + This does not suit the use case where there is no way defined to + provide such additional key properties in standardized form, + particularly UEFI secure boot. + This options enables RSA signature verification with a public key + directly specified in image_sign_info, where all the necessary + key properties will be calculated on the fly in verification code + in the SPL. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM