[U-Boot] [PATCH] RSA depends on DM

[U-Boot] [PATCH] RSA depends on DM

[Chris Kuethe]

Discovered while experimenting with signature checking on vexpress
which doesn't typically use DM. Rather than complaining about unmet
dependencies it might be better to enable those them.

---
 lib/rsa/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index 1268a1b..4db5da4 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -2,6 +2,7 @@ config RSA
  bool "Use RSA Library"
  select RSA_FREESCALE_EXP if FSL_CAAM
  select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP
+ select DM
  help
   RSA support. This enables the RSA algorithm used for FIT image
   verification in U-Boot.
-- 
2.1.0


-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

[U-Boot] [PATCH] RSA depends on DM

[Simon Glass]

+Masahiro

Hi Chris,

On 3 February 2015 at 00:42, Chris Kuethe <chris.kuethe@gmail.com> wrote:
> Discovered while experimenting with signature checking on vexpress
> which doesn't typically use DM. Rather than complaining about unmet
> dependencies it might be better to enable those them.
>
> ---
>  lib/rsa/Kconfig | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> index 1268a1b..4db5da4 100644
> --- a/lib/rsa/Kconfig
> +++ b/lib/rsa/Kconfig
> @@ -2,6 +2,7 @@ config RSA
>   bool "Use RSA Library"
>   select RSA_FREESCALE_EXP if FSL_CAAM
>   select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP
> + select DM
>   help
>    RSA support. This enables the RSA algorithm used for FIT image
>    verification in U-Boot.

I wonder whether 'depends on DM' might be better? It seems odd to have
the tail wagging the dog.

Regards,
Simon

[U-Boot] [PATCH] RSA depends on DM

[Chris Kuethe]

On Tue, Feb 3, 2015 at 4:38 PM, Simon Glass <sjg@chromium.org> wrote:
> +Masahiro
>
> Hi Chris,
>
> On 3 February 2015 at 00:42, Chris Kuethe <chris.kuethe@gmail.com> wrote:
>> Discovered while experimenting with signature checking on vexpress
>> which doesn't typically use DM. Rather than complaining about unmet
>> dependencies it might be better to enable those them.
>>
>> ---
>>  lib/rsa/Kconfig | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
>> index 1268a1b..4db5da4 100644
>> --- a/lib/rsa/Kconfig
>> +++ b/lib/rsa/Kconfig
>> @@ -2,6 +2,7 @@ config RSA
>>   bool "Use RSA Library"
>>   select RSA_FREESCALE_EXP if FSL_CAAM
>>   select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP
>> + select DM
>>   help
>>    RSA support. This enables the RSA algorithm used for FIT image
>>    verification in U-Boot.
>
> I wonder whether 'depends on DM' might be better? It seems odd to have
> the tail wagging the dog.
>
> Regards,
> Simon

No, that would not be better because a few lines down,
RSA_SOFTWARE_EXP and RSA_FREESCALE_EXP both say "depends on DM" but
they don't actually enable it if they need it.

As a user, my expectation is that when I turn on some high level
feature, that will enable all of its lower level dependencies. Would
it be less strange to make FIT_SIGNATURE turn on DM instead of RSA?

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

[U-Boot] [PATCH] RSA depends on DM

[Simon Glass]

Hi Chris,

On 3 February 2015 at 17:57, Chris Kuethe <chris.kuethe@gmail.com> wrote:
> On Tue, Feb 3, 2015 at 4:38 PM, Simon Glass <sjg@chromium.org> wrote:
>> +Masahiro
>>
>> Hi Chris,
>>
>> On 3 February 2015 at 00:42, Chris Kuethe <chris.kuethe@gmail.com> wrote:
>>> Discovered while experimenting with signature checking on vexpress
>>> which doesn't typically use DM. Rather than complaining about unmet
>>> dependencies it might be better to enable those them.
>>>
>>> ---
>>>  lib/rsa/Kconfig | 1 +
>>>  1 file changed, 1 insertion(+)
>>>
>>> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
>>> index 1268a1b..4db5da4 100644
>>> --- a/lib/rsa/Kconfig
>>> +++ b/lib/rsa/Kconfig
>>> @@ -2,6 +2,7 @@ config RSA
>>>   bool "Use RSA Library"
>>>   select RSA_FREESCALE_EXP if FSL_CAAM
>>>   select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP
>>> + select DM
>>>   help
>>>    RSA support. This enables the RSA algorithm used for FIT image
>>>    verification in U-Boot.
>>
>> I wonder whether 'depends on DM' might be better? It seems odd to have
>> the tail wagging the dog.
>>
>> Regards,
>> Simon
>
> No, that would not be better because a few lines down,
> RSA_SOFTWARE_EXP and RSA_FREESCALE_EXP both say "depends on DM" but
> they don't actually enable it if they need it.
>
> As a user, my expectation is that when I turn on some high level
> feature, that will enable all of its lower level dependencies. Would
> it be less strange to make FIT_SIGNATURE turn on DM instead of RSA?

We certainly must avoid the build break.

My concern is that CONFIG_DM may introduce a run-time break. For
example if you don't have pre-relocation malloc() available the board
may not boot. Driver model is a fundamental core feature, and we are
working to move everything over to it, but I'm not quite comfortable
with forcing it on when someone changes a feature. It feel it would be
better to not offer it.

I'm interested to hear other viewpoints though.

Perhaps soon we can enable CONFIG_DM globally but we are not there yet.

Regards,
Simon

[U-Boot] [PATCH] RSA depends on DM

[Chris Kuethe]

On Tue, Feb 3, 2015 at 5:01 PM, Simon Glass <sjg@chromium.org> wrote:
> We certainly must avoid the build break.
>
> My concern is that CONFIG_DM may introduce a run-time break. For
> example if you don't have pre-relocation malloc() available the board
> may not boot. Driver model is a fundamental core feature, and we are
> working to move everything over to it, but I'm not quite comfortable
> with forcing it on when someone changes a feature. It feel it would be
> better to not offer it.
>
> I'm interested to hear other viewpoints though.
>
> Perhaps soon we can enable CONFIG_DM globally but we are not there yet.


I appreciate the caution.

For now, vexpress works with qemu which means I can get back to
playing with verified boot. I haven't checked to see if it's possible
to make RSA not always require DM - I defer to those who know the code
better than I do.

-C

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

[U-Boot] [PATCH] RSA depends on DM

[Robert Moskowitz]

Of course there is the meta question of why RSA sig is still being used 
rather than ECDSA.

As a crypto plumber, I occationally wonder why we perpetuate need of 
large, slow RSA keys over ECC.  Perhaps the patent concerns even with 
RFC 6090.

I will shut up and let you to your important work of getting all this 
wonderful support working in uboot.

On 02/03/2015 08:01 PM, Simon Glass wrote:
> Hi Chris,
>
> On 3 February 2015 at 17:57, Chris Kuethe <chris.kuethe@gmail.com> wrote:
>> On Tue, Feb 3, 2015 at 4:38 PM, Simon Glass <sjg@chromium.org> wrote:
>>> +Masahiro
>>>
>>> Hi Chris,
>>>
>>> On 3 February 2015 at 00:42, Chris Kuethe <chris.kuethe@gmail.com> wrote:
>>>> Discovered while experimenting with signature checking on vexpress
>>>> which doesn't typically use DM. Rather than complaining about unmet
>>>> dependencies it might be better to enable those them.
>>>>
>>>> ---
>>>>   lib/rsa/Kconfig | 1 +
>>>>   1 file changed, 1 insertion(+)
>>>>
>>>> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
>>>> index 1268a1b..4db5da4 100644
>>>> --- a/lib/rsa/Kconfig
>>>> +++ b/lib/rsa/Kconfig
>>>> @@ -2,6 +2,7 @@ config RSA
>>>>    bool "Use RSA Library"
>>>>    select RSA_FREESCALE_EXP if FSL_CAAM
>>>>    select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP
>>>> + select DM
>>>>    help
>>>>     RSA support. This enables the RSA algorithm used for FIT image
>>>>     verification in U-Boot.
>>> I wonder whether 'depends on DM' might be better? It seems odd to have
>>> the tail wagging the dog.
>>>
>>> Regards,
>>> Simon
>> No, that would not be better because a few lines down,
>> RSA_SOFTWARE_EXP and RSA_FREESCALE_EXP both say "depends on DM" but
>> they don't actually enable it if they need it.
>>
>> As a user, my expectation is that when I turn on some high level
>> feature, that will enable all of its lower level dependencies. Would
>> it be less strange to make FIT_SIGNATURE turn on DM instead of RSA?
> We certainly must avoid the build break.
>
> My concern is that CONFIG_DM may introduce a run-time break. For
> example if you don't have pre-relocation malloc() available the board
> may not boot. Driver model is a fundamental core feature, and we are
> working to move everything over to it, but I'm not quite comfortable
> with forcing it on when someone changes a feature. It feel it would be
> better to not offer it.
>
> I'm interested to hear other viewpoints though.
>
> Perhaps soon we can enable CONFIG_DM globally but we are not there yet.
>
> Regards,
> Simon
> _______________________________________________
> U-Boot mailing list
> U-Boot at lists.denx.de
> http://lists.denx.de/mailman/listinfo/u-boot

[U-Boot] [PATCH] RSA depends on DM

[Albert ARIBAUD]

Hello Simon,

On Tue, 3 Feb 2015 18:01:49 -0700, Simon Glass <sjg@chromium.org> wrote:
> Hi Chris,
> 
> On 3 February 2015 at 17:57, Chris Kuethe <chris.kuethe@gmail.com> wrote:
> > On Tue, Feb 3, 2015 at 4:38 PM, Simon Glass <sjg@chromium.org> wrote:
> >> +Masahiro
> >>
> >> Hi Chris,
> >>
> >> On 3 February 2015 at 00:42, Chris Kuethe <chris.kuethe@gmail.com> wrote:
> >>> Discovered while experimenting with signature checking on vexpress
> >>> which doesn't typically use DM. Rather than complaining about unmet
> >>> dependencies it might be better to enable those them.
> >>>
> >>> ---
> >>>  lib/rsa/Kconfig | 1 +
> >>>  1 file changed, 1 insertion(+)
> >>>
> >>> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> >>> index 1268a1b..4db5da4 100644
> >>> --- a/lib/rsa/Kconfig
> >>> +++ b/lib/rsa/Kconfig
> >>> @@ -2,6 +2,7 @@ config RSA
> >>>   bool "Use RSA Library"
> >>>   select RSA_FREESCALE_EXP if FSL_CAAM
> >>>   select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP
> >>> + select DM
> >>>   help
> >>>    RSA support. This enables the RSA algorithm used for FIT image
> >>>    verification in U-Boot.
> >>
> >> I wonder whether 'depends on DM' might be better? It seems odd to have
> >> the tail wagging the dog.
> >>
> >> Regards,
> >> Simon
> >
> > No, that would not be better because a few lines down,
> > RSA_SOFTWARE_EXP and RSA_FREESCALE_EXP both say "depends on DM" but
> > they don't actually enable it if they need it.
> >
> > As a user, my expectation is that when I turn on some high level
> > feature, that will enable all of its lower level dependencies. Would
> > it be less strange to make FIT_SIGNATURE turn on DM instead of RSA?
> 
> We certainly must avoid the build break.
> 
> My concern is that CONFIG_DM may introduce a run-time break.

I can tell it does. :)

> For example if you don't have pre-relocation malloc() available the
> board may not boot. Driver model is a fundamental core feature, and we
> are working to move everything over to it, but I'm not quite comfortable
> with forcing it on when someone changes a feature. It feel it would be
> better to not offer it.
> 
> I'm interested to hear other viewpoints though.

Agreed for me: no board should have DM enabled 'behind its back'.

If RSA depends on DM, then the make menuconfig user should be unable to
select RSA unless and until (s)he has selected DM (and the RSA help
should make it clear that the board must support DM, and that just
enabling CONFIG_DM probably won't be enough).

> Perhaps soon we can enable CONFIG_DM globally but we are not there yet.
>
> Regards,
> Simon

Amicalement,
-- 
Albert.

[U-Boot] [PATCH] RSA depends on DM

[Simon Glass]

Hi Chris,

On 4 February 2015 at 00:47, Albert ARIBAUD <albert.u.boot@aribaud.net> wrote:
> Hello Simon,
>
> On Tue, 3 Feb 2015 18:01:49 -0700, Simon Glass <sjg@chromium.org> wrote:
>> Hi Chris,
>>
>> On 3 February 2015 at 17:57, Chris Kuethe <chris.kuethe@gmail.com> wrote:
>> > On Tue, Feb 3, 2015 at 4:38 PM, Simon Glass <sjg@chromium.org> wrote:
>> >> +Masahiro
>> >>
>> >> Hi Chris,
>> >>
>> >> On 3 February 2015 at 00:42, Chris Kuethe <chris.kuethe@gmail.com> wrote:
>> >>> Discovered while experimenting with signature checking on vexpress
>> >>> which doesn't typically use DM. Rather than complaining about unmet
>> >>> dependencies it might be better to enable those them.
>> >>>
>> >>> ---
>> >>>  lib/rsa/Kconfig | 1 +
>> >>>  1 file changed, 1 insertion(+)
>> >>>
>> >>> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
>> >>> index 1268a1b..4db5da4 100644
>> >>> --- a/lib/rsa/Kconfig
>> >>> +++ b/lib/rsa/Kconfig
>> >>> @@ -2,6 +2,7 @@ config RSA
>> >>>   bool "Use RSA Library"
>> >>>   select RSA_FREESCALE_EXP if FSL_CAAM
>> >>>   select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP
>> >>> + select DM
>> >>>   help
>> >>>    RSA support. This enables the RSA algorithm used for FIT image
>> >>>    verification in U-Boot.
>> >>
>> >> I wonder whether 'depends on DM' might be better? It seems odd to have
>> >> the tail wagging the dog.
>> >>
>> >> Regards,
>> >> Simon
>> >
>> > No, that would not be better because a few lines down,
>> > RSA_SOFTWARE_EXP and RSA_FREESCALE_EXP both say "depends on DM" but
>> > they don't actually enable it if they need it.
>> >
>> > As a user, my expectation is that when I turn on some high level
>> > feature, that will enable all of its lower level dependencies. Would
>> > it be less strange to make FIT_SIGNATURE turn on DM instead of RSA?
>>
>> We certainly must avoid the build break.
>>
>> My concern is that CONFIG_DM may introduce a run-time break.
>
> I can tell it does. :)
>
>> For example if you don't have pre-relocation malloc() available the
>> board may not boot. Driver model is a fundamental core feature, and we
>> are working to move everything over to it, but I'm not quite comfortable
>> with forcing it on when someone changes a feature. It feel it would be
>> better to not offer it.
>>
>> I'm interested to hear other viewpoints though.
>
> Agreed for me: no board should have DM enabled 'behind its back'.
>
> If RSA depends on DM, then the make menuconfig user should be unable to
> select RSA unless and until (s)he has selected DM (and the RSA help
> should make it clear that the board must support DM, and that just
> enabling CONFIG_DM probably won't be enough).
>
>> Perhaps soon we can enable CONFIG_DM globally but we are not there yet.

Can you please adjust your patch to depend on DM rather than select it?

It was me that requested that RSA should require DM, because we should
not be adding new driver frameworks that don't use DM.

Regards,
Simon

[U-Boot] [PATCH] RSA depends on DM

[Chris Kuethe]

Discovered while experimenting with signature checking on vexpress
which doesn't typically use DM.
---
 Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Kconfig b/Kconfig
index fed488f..8090790 100644
--- a/Kconfig
+++ b/Kconfig
@@ -118,6 +118,7 @@ config FIT_VERBOSE
 config FIT_SIGNATURE
  bool "Enable signature verification of FIT uImages"
  depends on FIT
+ depends on DM
  select RSA
  help
   This option enables signature verification of FIT uImages,
-- 
2.1.0


-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

[U-Boot] [PATCH] RSA depends on DM

[Simon Glass]

On 4 February 2015 at 20:16, Chris Kuethe <chris.kuethe@gmail.com> wrote:
> Discovered while experimenting with signature checking on vexpress
> which doesn't typically use DM.
> ---
>  Kconfig | 1 +
>  1 file changed, 1 insertion(+)

Acked-by: Simon Glass <sjg@chromium.org>

[U-Boot] [PATCH] RSA depends on DM

[Simon Glass]

On 4 February 2015 at 20:26, Simon Glass <sjg@chromium.org> wrote:
> On 4 February 2015 at 20:16, Chris Kuethe <chris.kuethe@gmail.com> wrote:
>> Discovered while experimenting with signature checking on vexpress
>> which doesn't typically use DM.
>> ---
>>  Kconfig | 1 +
>>  1 file changed, 1 insertion(+)
>
> Acked-by: Simon Glass <sjg@chromium.org>

Applied to u-boot-dm, thanks!