From: Philippe Reynes
To: sjg@chromium.org, rasmus.villemoes@prevas.dk
Cc: u-boot@lists.denx.de, Philippe Reynes
Subject: [PATCH v8 06/15] lib: rsa: allow rsa verify with pkey in SPL
Date: Mon, 28 Mar 2022 22:56:58 +0200
Message-Id: <20220328205707.348270-7-philippe.reynes@softathome.com>
In-Reply-To: <20220328205707.348270-1-philippe.reynes@softathome.com>
References: <20220328205707.348270-1-philippe.reynes@softathome.com>

This commit adds the option SPL_RSA_VERIFY_WITH_PKEY.

Reviewed-by: Simon Glass
Signed-off-by: Philippe Reynes
--- lib/rsa/Kconfig | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index be9775bcce..b773f17c26 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -47,6 +47,25 @@ config RSA_VERIFY_WITH_PKEY directly specified in image_sign_info, where all the necessary key properties will be calculated on the fly in verification code. +config SPL_RSA_VERIFY_WITH_PKEY + bool "Execute RSA verification without key parameters from FDT within SPL" + depends on SPL + select SPL_RSA_VERIFY + select SPL_ASYMMETRIC_KEY_TYPE + select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_RSA_PUBLIC_KEY_PARSER + help + The standard RSA-signature verification code (FIT_SIGNATURE) uses + pre-calculated key properties, that are stored in fdt blob, in + decrypting a signature. + This does not suit the use case where there is no way defined to + provide such additional key properties in standardized form, + particularly UEFI secure boot. + This options enables RSA signature verification with a public key + directly specified in image_sign_info, where all the necessary + key properties will be calculated on the fly in verification code + in the SPL. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM -- 2.25.1
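
Review bot: The help text of the new SPL_RSA_VERIFY_WITH_PKEY entry ends with the same sentence as the RSA_VERIFY_WITH_PKEY context lines above it, with "in the SPL" appended, and still gives "particularly UEFI secure boot" as the motivating use case; it should say what in SPL needs verification with a public key taken from image_sign_info, and the typo "This options enables" should read "This option enables". The four `select` lines force SPL_RSA_VERIFY, SPL_ASYMMETRIC_KEY_TYPE, SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE and SPL_RSA_PUBLIC_KEY_PARSER on whenever this option is set, and Kconfig `select` does not check the selected symbols' own dependencies, so with only `depends on SPL` here please confirm that each of them is satisfied by that dependency alone. The commit message names the option but gives no reason for it; one sentence on the intended user, and on what enabling a public key parser in SPL adds to the image, would make the change easier to review.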