[PATCH v2 37/50] image: Drop IMAGE_ENABLE_SIGN/VERIFY defines

From: Simon Glass <sjg@chromium.org>
To: u-boot@lists.denx.de
Subject: [PATCH v2 37/50] image: Drop IMAGE_ENABLE_SIGN/VERIFY defines
Date: Sat, 15 May 2021 09:20:24 -0600	[thread overview]
Message-ID: <CAPnjgZ1tn+ud+rxxqqpX_R8ekwNE435PBx19U_tp=E8WoRA0pA@mail.gmail.com> (raw)
In-Reply-To: <e13360af-f381-71ee-31d4-eb40ffb4255b@gmail.com>

Hi Alex,

On Fri, 14 May 2021 at 15:17, Alex G. <mr.nuke.me@gmail.com> wrote:
>
>
>
> On 5/14/21 3:44 PM, Simon Glass wrote:
> > Hi Alex,
> >
> > On Fri, 14 May 2021 at 14:38, Alex G. <mr.nuke.me@gmail.com> wrote:
> >>
> >>
> >>
> >> On 5/6/21 9:24 AM, Simon Glass wrote:
> >>> Add host Kconfigs for FIT_SIGN and RSA_VERIFY. With these we can
> >>> use CONFIG_IS_ENABLED() directly in the host build, so drop the
> >>> unnecessary indirections IMAGE_ENABLE_SIGN and HOST_RSA_VERIFY.
> >>> Also drop FIT_IMAGE_ENABLE_VERIFY which is not actually used.
> >>>
> >>> Leave IMAGE_ENABLE_VERIFY_ECDSA along since this feature is
> >>> incomplete and needs to be integrated with RSA.
> >>>
> >>> Signed-off-by: Simon Glass <sjg@chromium.org> ---
> >>>
> >>> (no changes since v1)
> >>>
> >>> common/image-fit.c     |  6 +++--- common/image-sig.c     | 10
> >>> +++++----- include/image.h        | 13 ++-----------
> >>> include/u-boot/ecdsa.h |  2 +- include/u-boot/rsa.h   |  4 ++--
> >>> tools/Kconfig          | 10 ++++++++++ tools/image-host.c     |
> >>> 4 ++-- 7 files changed, 25 insertions(+), 24 deletions(-)
> >>>
> >>> diff --git a/common/image-fit.c b/common/image-fit.c index
> >>> c13ff6bba24..e81a0858dc1 100644 --- a/common/image-fit.c +++
> >>> b/common/image-fit.c @@ -1301,7 +1301,7 @@ int
> >>> fit_image_verify_with_data(const void *fit, int image_noffset,
> >>> int ret;
> >>>
> >>> /* Verify all required signatures */ -     if
> >>> (FIT_IMAGE_ENABLE_VERIFY && +     if
> >>> (CONFIG_IS_ENABLED(RSA_VERIFY) &&
> >>
> >> NAK. Having verification depend directly on CONFIG_RSA_VERIFY will
> >> make adding ECDSA support that much more convoluted.
> >
> > Let me counter-NAK.
> >
> > The ECDSA needs to be integrated into the RSA stuff, as we have done
> > with hashing. E.g. CONFIG_VERIFY that enables the feature, with a
> > driver to select which methods are supported.
>
> Then why not add a CONFIG_(SPL_)VERIFY to this patch instead of
> replacing a common define with an algo-secific CONFIG?

That would be a separate series. CONFIG_RSA_VERIFY is not new and
adding an SPL / host version of it is the goal here.

>
> > I think I mentioned that in the original review.
>
> You did. Integrating ECDSA with RSA is orthogonal to ECDSA verification.
> I like the motivation behind this cosmetic series, but it is
> creating unnecessary complications to adding the ECDSA features.

RSA and ECDSA should have a common API on the board, with a linker
list. The sooner that happens (even with an dummy ECDSA impl), the
better.

>
>      "It is relatively straightforward to add new algorithms if required.
>       [...] If another algorithm is needed (such as DSA) then it can be
>       placed alongside rsa.c, and its functions added to the table in
>       image-sig.c also."
>
> That's from doc/uImage.FIT/signature.txt. Seems like we're changing goal
> posts as the balls are already in the air. I want to tone down this
> series, pick a few patches that I really like, combine them with some of
> my changes and submit a co-authored series with the uncontroversial changes.
>
> I posted a parallel series which eliminates IMAGE_ENABLE_VERIFY_ECDSA,
> and is far less intrusive. I was already trying to combine it with some
> patches in this series. Let's see how that goes

See above. The goal of my series is to remove #ifdefs from image code.
If your approach can do that, or some combination, that is fine with
me.

Regards,
SImon