From: Philippe Reynes <philippe.reynes@softathome.com>
To: sjg@chromium.org, rasmus.villemoes@prevas.dk
Cc: u-boot@lists.denx.de, Philippe Reynes <philippe.reynes@softathome.com>
Subject: [PATCH v8 06/15] lib: rsa: allow rsa verify with pkey in SPL
Date: Mon, 28 Mar 2022 22:56:58 +0200
Message-ID: <20220328205707.348270-7-philippe.reynes@softathome.com>
In-Reply-To: <20220328205707.348270-1-philippe.reynes@softathome.com>

This commit adds the option SPL_RSA_VERIFY_WITH_PKEY.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
---
 lib/rsa/Kconfig | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index be9775bcce..b773f17c26 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -47,6 +47,25 @@ config RSA_VERIFY_WITH_PKEY
 	  directly specified in image_sign_info, where all the necessary
 	  key properties will be calculated on the fly in verification code.
 
+config SPL_RSA_VERIFY_WITH_PKEY
+	bool "Execute RSA verification without key parameters from FDT within SPL"
+	depends on SPL
+	select SPL_RSA_VERIFY
+	select SPL_ASYMMETRIC_KEY_TYPE
+	select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+	select SPL_RSA_PUBLIC_KEY_PARSER
+	help
+	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
+	  pre-calculated key properties, that are stored in fdt blob, in
+	  decrypting a signature.
+	  This does not suit the use case where there is no way defined to
+	  provide such additional key properties in standardized form,
+	  particularly UEFI secure boot.
+	  This options enables RSA signature verification with a public key
+	  directly specified in image_sign_info, where all the necessary
+	  key properties will be calculated on the fly in verification code
+	  in the SPL.
+
 config RSA_SOFTWARE_EXP
 	bool "Enable driver for RSA Modular Exponentiation in software"
 	depends on DM
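Review bot: the help text of the new SPL_RSA_VERIFY_WITH_PKEY entry is copied almost verbatim from RSA_VERIFY_WITH_PKEY, typo included ("This options enables" should read "This option enables"), and it does not tell the reader what enabling the option costs in SPL. The entry force-enables four symbols with select (SPL_RSA_VERIFY, SPL_ASYMMETRIC_KEY_TYPE, SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE, SPL_RSA_PUBLIC_KEY_PARSER) while depending only on SPL. Since select ignores the selected symbols' own "depends on" lines, please confirm that each of them can be satisfied from "depends on SPL" alone, or add the missing dependencies here. It would also help to state in the help text that the option pulls the public key parser into SPL, so that anyone enabling it knows that key parsing now runs in the first verification stage and that the SPL image grows accordingly. The commit message only restates the symbol name; a sentence on why SPL needs verification with a key passed in image_sign_info would make the change easier to evaluate on its own.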
-- 
2.25.1

