Kconfig: FIT_SIGNATURE should not select RSA_VERIFY

FIT signatures can now be implemented with ECDSA. The assumption that
all FIT images are signed with RSA is no longer valid. Thus, instead
of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
but allows one to explicitly disable RSA support.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index f39df04bbfac9acc2ecbc42198f546fec45d868c..0d4c38402c116e3d327b26c59e6bdd33c8a997ae 100644 (file)
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -76,8 +76,8 @@ config FIT_SIGNATURE
        bool "Enable signature verification of FIT uImages"
        depends on DM
        select HASH
-       select RSA
-       select RSA_VERIFY
+       imply RSA
+       imply RSA_VERIFY
        select IMAGE_SIGN_INFO
        select FIT_FULL_CHECK
        help
@@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE
        select SPL_FIT
        select SPL_CRYPTO
        select SPL_HASH_SUPPORT
-       select SPL_RSA
-       select SPL_RSA_VERIFY
+       imply SPL_RSA
+       imply SPL_RSA_VERIFY
        select SPL_IMAGE_SIGN_INFO
        select SPL_FIT_FULL_CHECK