From: Philippe Reynes
To: sjg@chromium.org, rasmus.villemoes@prevas.dk
Cc: u-boot@lists.denx.de, Philippe Reynes
Subject: [PATCH v7 06/16] lib: rsa: allow rsa verify with pkey in SPL
Date: Mon, 14 Mar 2022 15:57:35 +0100
Message-Id: <20220314145745.15249-7-philippe.reynes@softathome.com>
In-Reply-To: <20220314145745.15249-1-philippe.reynes@softathome.com>
References: <20220314145745.15249-1-philippe.reynes@softathome.com>

This commit adds the option SPL_RSA_VERIFY_WITH_PKEY. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- lib/rsa/Kconfig | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index be9775bcce..b773f17c26 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -47,6 +47,25 @@ config RSA_VERIFY_WITH_PKEY directly specified in image_sign_info, where all the necessary key properties will be calculated on the fly in verification code. +config SPL_RSA_VERIFY_WITH_PKEY + bool "Execute RSA verification without key parameters from FDT within SPL" + depends on SPL + select SPL_RSA_VERIFY + select SPL_ASYMMETRIC_KEY_TYPE + select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_RSA_PUBLIC_KEY_PARSER + help + The standard RSA-signature verification code (FIT_SIGNATURE) uses + pre-calculated key properties, that are stored in fdt blob, in + decrypting a signature. + This does not suit the use case where there is no way defined to + provide such additional key properties in standardized form, + particularly UEFI secure boot. + This options enables RSA signature verification with a public key + directly specified in image_sign_info, where all the necessary + key properties will be calculated on the fly in verification code + in the SPL. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM -- 2.17.1
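
Review bot: In the new SPL_RSA_VERIFY_WITH_PKEY entry, the four "select" lines force SPL_RSA_VERIFY, SPL_ASYMMETRIC_KEY_TYPE, SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE and SPL_RSA_PUBLIC_KEY_PARSER on while the only dependency declared is "depends on SPL". Kconfig's select does not honour the selected symbols' own "depends on", so please confirm each of them builds whenever SPL is set, or carry their dependencies in this entry. The help text appears to reuse the RSA_VERIFY_WITH_PKEY wording visible in the context lines with "in the SPL" appended: it still gives UEFI secure boot as the motivating case, which does not explain why SPL needs the option, and "This options enables" should read "This option enables". Because the entry pulls a public key parser into the first verifying boot stage, the commit message should state the SPL use case that needs it instead of only naming the option.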