From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 60B34C4338F for ; Thu, 29 Jul 2021 16:48:15 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id C13AE60F43 for ; Thu, 29 Jul 2021 16:48:14 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org C13AE60F43 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 206E583119; Thu, 29 Jul 2021 18:47:53 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="rSBgk0PY"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id BB58982F3B; Thu, 29 Jul 2021 18:47:33 +0200 (CEST) Received: from mail-oi1-x230.google.com (mail-oi1-x230.google.com [IPv6:2607:f8b0:4864:20::230]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 9EFDC82F0C for ; Thu, 29 Jul 2021 18:47:29 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=mr.nuke.me@gmail.com Received: by mail-oi1-x230.google.com with SMTP id u25so9218943oiv.5 for ; Thu, 29 Jul 2021 09:47:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=aauEKLehr0H+VEVW3/B7gi63GHZdHY7B+ycxzOocrfI=; b=rSBgk0PYUwgn5PFqXV46Cjbv0yzHcUorn3MSXapuZq7UYjE3re+W7+HI20Wkk6oBsf pv9HQ6mgbNAKgUbVIepztKxjEiW2P+mccS/VZ/BOd+blFg5adOSlo6yD3DPIsnLWfUqD Obl6tOfT4dvw2summiMlO+07tfKMql+G+u0XJJFjPAVXum8tt2OjfuGl40Kdnzrg3nXW r0FKB0A5FLqb0VRRFvj4rUqBum0BHn2boXfjt/UGC9iavzrQRHDCRZ5XluNS117CqOUx GxqjFsaGUKhzXAyRoh0wKhSCQ7msRvdub6B/QMeh/zRNpGxFzRMGWuaOvoPtU2DVk5V1 gUfw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=aauEKLehr0H+VEVW3/B7gi63GHZdHY7B+ycxzOocrfI=; b=q243/IYyrWK2eo3c6QYnhVTUvYDlz/WQoJFdu08r4VEIMgoDbRITcbNUvU6x7CITC3 bucxRsP9j5sMLfu/szCmWzicEIj9O+dHVZ3ajQ5R1TtWFZBJx5jVNz5pF3lOOgSQW9fo jz4rCmgucNNjJBI5c0lkaRAM0D2EEheWU3YEEB6gouB1fvLjyJSeSMPgHPUQ9eSDWp9I QMZnc6SvMrrmACzRXbWdjHjikpTJfMrLLa14X4klIvPWgFGG5Zthsxfq2OkrLG0VRkq0 TZxPOAOCK0FgXyZv6p2RKjZYxQfDiCyZg3kVEktvXD9jHBUb1yvRpjG6hBVSpSW1i/+U UucA== X-Gm-Message-State: AOAM530ynasfuabtQyjxrhN0lEiRkTjk0aQOMNVnPXD2AwXMXpGNDJG0 BT+VKb/Dp0ihmD/p9xssrLL6RE9wmf8= X-Google-Smtp-Source: ABdhPJx0UPWjLQPEKbs9f/hv7LqoW+09F8SZd1O338+7IjPM0tLaVSsUV+0wqGP5pB1+Ghxrcot64g== X-Received: by 2002:a05:6808:10c8:: with SMTP id s8mr3769680ois.92.1627577247650; Thu, 29 Jul 2021 09:47:27 -0700 (PDT) Received: from nuclearis3.lan (c-98-195-139-126.hsd1.tx.comcast.net. [98.195.139.126]) by smtp.gmail.com with ESMTPSA id i12sm623273otr.56.2021.07.29.09.47.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Jul 2021 09:47:27 -0700 (PDT) From: Alexandru Gagniuc To: u-boot@lists.denx.de, patrick.delaunay@foss.st.com Cc: Alexandru Gagniuc , sjg@chromium.org, etienne.carriere@linaro.org, patrice.chotard@foss.st.com, Igor Opaniuk Subject: [PATCH 4/5] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY Date: Thu, 29 Jul 2021 11:47:18 -0500 Message-Id: <20210729164719.3490718-5-mr.nuke.me@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210729164719.3490718-1-mr.nuke.me@gmail.com> References: <20210729164719.3490718-1-mr.nuke.me@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean FIT signatures can now be implemented with ECDSA. The assumption that all FIT images are signed with RSA is no longer valid. Thus, instead of 'select'ing RSA, only 'imply' it. This doesn't change the defaults, but allows one to explicitly disable RSA support. Signed-off-by: Alexandru Gagniuc Reviewed-by: Simon Glass Reviewed-by: Igor Opaniuk --- common/Kconfig.boot | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/common/Kconfig.boot b/common/Kconfig.boot index f39df04bbf..0d4c38402c 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -76,8 +76,8 @@ config FIT_SIGNATURE bool "Enable signature verification of FIT uImages" depends on DM select HASH - select RSA - select RSA_VERIFY + imply RSA + imply RSA_VERIFY select IMAGE_SIGN_INFO select FIT_FULL_CHECK help @@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE select SPL_FIT select SPL_CRYPTO select SPL_HASH_SUPPORT - select SPL_RSA - select SPL_RSA_VERIFY + imply SPL_RSA + imply SPL_RSA_VERIFY select SPL_IMAGE_SIGN_INFO select SPL_FIT_FULL_CHECK -- 2.31.1