From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CE4DAC433EF for ; Sun, 26 Sep 2021 01:46:47 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 51A4D61090 for ; Sun, 26 Sep 2021 01:46:47 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 51A4D61090 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=chromium.org Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 3E066835C0; Sun, 26 Sep 2021 03:46:20 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=chromium.org header.i=@chromium.org header.b="Kb9saGNl"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 4DEDC83571; Sun, 26 Sep 2021 03:44:50 +0200 (CEST) Received: from mail-oo1-xc32.google.com (mail-oo1-xc32.google.com [IPv6:2607:f8b0:4864:20::c32]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 736AA835C9 for ; Sun, 26 Sep 2021 03:44:07 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=chromium.org Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=sjg@chromium.org Received: by mail-oo1-xc32.google.com with SMTP id e19-20020a4a7353000000b002b5a2c0d2b8so356736oof.3 for ; Sat, 25 Sep 2021 18:44:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=pdQ9GFMmSK9DAiqVdQHLtWrwg5kS0gjSeOfyMP3BA+8=; b=Kb9saGNlsH0aEMZ6p6QrPApir9n1+pQrQrAYQgAWXpBeXono+H7oVf4XeqHWcoZNYS Me22Tp7T4BRmNTr/ZuxXYL0gXBhup14eBalXYcYi72lBNoYgmdwIsoWhLmKS3/p9vrjy 51cwGdRhxYZaRTh5/DMg4ad21Y7s28MwxrpuE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=pdQ9GFMmSK9DAiqVdQHLtWrwg5kS0gjSeOfyMP3BA+8=; b=qPIgcYf8ETS8CvKkIgbYimh9NPXLUEy9j6CeOJ/pYzFT4j3TM9bTLQPQTsHW3ghfNn E6c5hHTf6vpZmLFHxbYUwsMS21T9eR3fe7bo9TzxvcM1MXsBeRHJQPCHnieN8cEhU1RF /0RuLXkJezmTebAorMfgg1oNtHibmS/x+70dvCXlRw/dSqLbqOKt3BY5RCV270GSQCNE Ttot8zeYbwFQ3M2C756o3oZPUTK8kVNM9PySjjVszobWu3SjVgw3gEcraKR1p8e6mR08 At/uZNY6q6phVGODlc2HXeHCcbYE0oMeqXKU9noqIc+9h06bpbzmjgmz3eKXyOzwq3Tk cbNg== X-Gm-Message-State: AOAM533oRc98oEdq2H0E/GltrVdjLbT3E/Rd59madz+MTCrTDQ75B51g Za70UeNAvjyEpiX0ZBTPCSY+Sb+ILgiyHQ== X-Google-Smtp-Source: ABdhPJzdp+exn8qVKXnnjAmBHoaRD3UQzWBlhMOxmeSF9eEg2mNjaDvxxkHL8E8+OL442LyxkB3ZUA== X-Received: by 2002:a4a:970a:: with SMTP id u10mr554758ooi.74.1632620645885; Sat, 25 Sep 2021 18:44:05 -0700 (PDT) Received: from kiwi.bld.corp.google.com (c-67-190-101-114.hsd1.co.comcast.net. [67.190.101.114]) by smtp.gmail.com with ESMTPSA id c18sm330378otr.72.2021.09.25.18.44.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 25 Sep 2021 18:44:05 -0700 (PDT) From: Simon Glass To: U-Boot Mailing List Cc: Alexandru Gagniuc , Andre Przywara , Rasmus Villemoes , Robert Marko , Masahiro Yamada , Tom Rini , Simon Glass , Alexander Graf Subject: [PATCH v5 16/29] efi: Correct dependency on FIT_SIGNATURE Date: Sat, 25 Sep 2021 19:43:29 -0600 Message-Id: <20210926014342.127913-10-sjg@chromium.org> X-Mailer: git-send-email 2.33.0.685.g46640cef36-goog In-Reply-To: <20210926014342.127913-1-sjg@chromium.org> References: <20210926014342.127913-1-sjg@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean At present EFI_SECURE BOOT selects RSA but does not necessarily enable FIT_SIGNATURE. Mostly this is fine, but a few boards do not enable it, so U-Boot tries to do RSA verification when loading FIT images, but it is not enabled. This worked because the condition for checking the RSA signature is wrong in the fit_image_verify_with_data() function. In order to fix it we need to fix this dependency. Make sure that FIT_SIGNATURE is enabled so that RSA can be used. It might be better to avoid using 'select' in this situation. Signed-off-by: Simon Glass --- (no changes since v1) lib/efi_loader/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig index 14bf5f7e92e..c1cc143f354 100644 --- a/lib/efi_loader/Kconfig +++ b/lib/efi_loader/Kconfig @@ -343,7 +343,7 @@ config EFI_LOAD_FILE2_INITRD config EFI_SECURE_BOOT bool "Enable EFI secure boot support" - depends on EFI_LOADER + depends on EFI_LOADER && FIT_SIGNATURE select HASH select SHA256 select RSA -- 2.33.0.685.g46640cef36-goog