From: Philippe Reynes <philippe.reynes@softathome.com>
To: sjg@chromium.org, rasmus.villemoes@prevas.dk
Cc: u-boot@lists.denx.de, Philippe Reynes <philippe.reynes@softathome.com>
Subject: [PATCH v8 05/15] lib: crypto: allow to build crypyo in SPL
Date: Mon, 28 Mar 2022 22:56:57 +0200 [thread overview]
Message-ID: <20220328205707.348270-6-philippe.reynes@softathome.com> (raw)
In-Reply-To: <20220328205707.348270-1-philippe.reynes@softathome.com>
This commit adds the options:
- SPL_ASYMMETRIC_KEY_TYPE
- SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
- SPL_RSA_PUBLIC_KEY_PARSER
Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
lib/Makefile | 3 ++-
lib/crypto/Kconfig | 29 +++++++++++++++++++++++++++++
lib/crypto/Makefile | 19 +++++++++++++------
3 files changed, 44 insertions(+), 7 deletions(-)
diff --git a/lib/Makefile b/lib/Makefile
index 13e5d8f7a6..13fe5fb7a4 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -17,7 +17,6 @@ obj-$(CONFIG_OF_LIVE) += of_live.o
obj-$(CONFIG_CMD_DHRYSTONE) += dhry/
obj-$(CONFIG_ARCH_AT91) += at91/
obj-$(CONFIG_OPTEE_LIB) += optee/
-obj-y += crypto/
obj-$(CONFIG_AES) += aes.o
obj-$(CONFIG_AES) += aes/
@@ -63,6 +62,8 @@ obj-$(CONFIG_TPM_V1) += tpm-v1.o
obj-$(CONFIG_TPM_V2) += tpm-v2.o
endif
+obj-y += crypto/
+
obj-$(CONFIG_$(SPL_TPL_)GENERATE_ACPI_TABLE) += acpi/
obj-$(CONFIG_$(SPL_)MD5) += md5.o
obj-$(CONFIG_ECDSA) += ecdsa/
diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig
index 6369bafac0..509bc28311 100644
--- a/lib/crypto/Kconfig
+++ b/lib/crypto/Kconfig
@@ -8,6 +8,15 @@ menuconfig ASYMMETRIC_KEY_TYPE
if ASYMMETRIC_KEY_TYPE
+config SPL_ASYMMETRIC_KEY_TYPE
+ bool "Asymmetric (public-key cryptographic) key Support within SPL"
+ depends on SPL
+ help
+ This option provides support for a key type that holds the data for
+ the asymmetric keys used for public key cryptographic operations such
+ as encryption, decryption, signature generation and signature
+ verification in the SPL.
+
config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
bool "Asymmetric public-key crypto algorithm subtype"
help
@@ -16,6 +25,15 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
appropriate hash algorithms (such as SHA-1) must be available.
ENOPKG will be reported if the requisite algorithm is unavailable.
+config SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ bool "Asymmetric public-key crypto algorithm subtype within SPL"
+ depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ help
+ This option provides support for asymmetric public key type handling in the SPL.
+ If signature generation and/or verification are to be used,
+ appropriate hash algorithms (such as SHA-1) must be available.
+ ENOPKG will be reported if the requisite algorithm is unavailable.
+
config RSA_PUBLIC_KEY_PARSER
bool "RSA public key parser"
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
@@ -27,6 +45,17 @@ config RSA_PUBLIC_KEY_PARSER
public key data and provides the ability to instantiate a public
key.
+config SPL_RSA_PUBLIC_KEY_PARSER
+ bool "RSA public key parser within SPL"
+ depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select SPL_ASN1_DECODER
+ select ASN1_COMPILER
+ select SPL_OID_REGISTRY
+ help
+ This option provides support for parsing a blob containing RSA
+ public key data and provides the ability to instantiate a public
+ key in the SPL.
+
config X509_CERTIFICATE_PARSER
bool "X.509 certificate parser"
depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile
index f3a414525d..6792b1d4f0 100644
--- a/lib/crypto/Makefile
+++ b/lib/crypto/Makefile
@@ -3,27 +3,34 @@
# Makefile for asymmetric cryptographic keys
#
-obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
+obj-$(CONFIG_$(SPL_)ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
asymmetric_keys-y := asymmetric_type.o
-obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
+obj-$(CONFIG_$(SPL_)ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
#
# RSA public key parser
#
-obj-$(CONFIG_RSA_PUBLIC_KEY_PARSER) += rsa_public_key.o
+obj-$(CONFIG_$(SPL_)RSA_PUBLIC_KEY_PARSER) += rsa_public_key.o
rsa_public_key-y := \
rsapubkey.asn1.o \
rsa_helper.o
$(obj)/rsapubkey.asn1.o: $(obj)/rsapubkey.asn1.c $(obj)/rsapubkey.asn1.h
+ifdef CONFIG_SPL_BUILD
+CFLAGS_rsapubkey.asn1.o += -I$(obj)
+endif
+
$(obj)/rsa_helper.o: $(obj)/rsapubkey.asn1.h
+ifdef CONFIG_SPL_BUILD
+CFLAGS_rsa_helper.o += -I$(obj)
+endif
#
# X.509 Certificate handling
#
-obj-$(CONFIG_X509_CERTIFICATE_PARSER) += x509_key_parser.o
+obj-$(CONFIG_$(SPL_)X509_CERTIFICATE_PARSER) += x509_key_parser.o
x509_key_parser-y := \
x509.asn1.o \
x509_akid.asn1.o \
@@ -40,11 +47,11 @@ $(obj)/x509_akid.asn1.o: $(obj)/x509_akid.asn1.c $(obj)/x509_akid.asn1.h
#
# PKCS#7 message handling
#
-obj-$(CONFIG_PKCS7_MESSAGE_PARSER) += pkcs7_message.o
+obj-$(CONFIG_$(SPL_)PKCS7_MESSAGE_PARSER) += pkcs7_message.o
pkcs7_message-y := \
pkcs7.asn1.o \
pkcs7_parser.o
-obj-$(CONFIG_PKCS7_VERIFY) += pkcs7_verify.o
+obj-$(CONFIG_$(SPL_)PKCS7_VERIFY) += pkcs7_verify.o
$(obj)/pkcs7_parser.o: $(obj)/pkcs7.asn1.h
$(obj)/pkcs7.asn1.o: $(obj)/pkcs7.asn1.c $(obj)/pkcs7.asn1.h
--
2.25.1
next prev parent reply other threads:[~2022-03-28 20:58 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-28 20:56 [PATCH v8 00/15] image: add a stage pre-load Philippe Reynes
2022-03-28 20:56 ` [PATCH v8 01/15] arch: Kconfig: imply BINMAN for SANDBOX Philippe Reynes
2022-03-31 23:20 ` Tom Rini
2022-03-28 20:56 ` [PATCH v8 02/15] lib: Kconfig: enhance help for ASN1 Philippe Reynes
2022-03-31 23:21 ` Tom Rini
2022-03-28 20:56 ` [PATCH v8 03/15] lib: Kconfig: enhance the help of OID_REGISTRY Philippe Reynes
2022-03-31 23:21 ` Tom Rini
2022-03-28 20:56 ` [PATCH v8 04/15] lib: allow to build asn1 decoder and oid registry in SPL Philippe Reynes
2022-03-31 23:21 ` Tom Rini
2022-03-28 20:56 ` Philippe Reynes [this message]
2022-03-31 23:21 ` [PATCH v8 05/15] lib: crypto: allow to build crypyo " Tom Rini
2022-03-28 20:56 ` [PATCH v8 06/15] lib: rsa: allow rsa verify with pkey " Philippe Reynes
2022-03-31 23:21 ` Tom Rini
2022-03-28 20:56 ` [PATCH v8 07/15] boot: image: add a stage pre-load Philippe Reynes
2022-03-31 23:21 ` Tom Rini
2022-03-28 20:57 ` [PATCH v8 08/15] cmd: bootm: " Philippe Reynes
2022-03-31 23:21 ` Tom Rini
2022-03-28 20:57 ` [PATCH v8 09/15] common: spl: fit_ram: allow to use image pre load Philippe Reynes
2022-03-31 23:21 ` Tom Rini
2022-03-28 20:57 ` [PATCH v8 10/15] mkimage: add public key for image pre-load stage Philippe Reynes
2022-03-31 23:21 ` Tom Rini
2022-03-28 20:57 ` [PATCH v8 11/15] Makefile: provide sah-key to binman Philippe Reynes
2022-03-31 23:22 ` Tom Rini
2022-03-28 20:57 ` [PATCH v8 12/15] tools: binman: add support for pre-load header Philippe Reynes
2022-03-31 23:22 ` Tom Rini
2022-03-28 20:57 ` [PATCH v8 13/15] configs: sandbox_defconfig: enable stage pre-load in bootm Philippe Reynes
2022-03-31 23:22 ` Tom Rini
2022-03-28 20:57 ` [PATCH v8 14/15] test: py: vboot: add test for global image signature Philippe Reynes
2022-03-31 23:22 ` Tom Rini
2022-03-28 20:57 ` [PATCH v8 15/15] cmd: bootm: add subcommand preload Philippe Reynes
2022-03-31 23:22 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220328205707.348270-6-philippe.reynes@softathome.com \
--to=philippe.reynes@softathome.com \
--cc=rasmus.villemoes@prevas.dk \
--cc=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.