From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6E8AFC433F5 for ; Sat, 9 Oct 2021 01:44:59 +0000 (UTC) Received: from phobos.denx.de (phobos.denx.de [85.214.62.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id EA8B360FE8 for ; Sat, 9 Oct 2021 01:44:58 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org EA8B360FE8 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=konsulko.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=lists.denx.de Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 1296F836DF; Sat, 9 Oct 2021 03:42:24 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=konsulko.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; unprotected) header.d=konsulko.com header.i=@konsulko.com header.b="qkhY3e2q"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 11CC583661; Sat, 9 Oct 2021 03:41:06 +0200 (CEST) Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id E86D283665 for ; Sat, 9 Oct 2021 03:40:54 +0200 (CEST) Authentication-Results: phobos.denx.de; dmarc=none (p=none dis=none) header.from=konsulko.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=trini@konsulko.com Received: by mail-qt1-x82c.google.com with SMTP id i1so10108336qtr.6 for ; Fri, 08 Oct 2021 18:40:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=konsulko.com; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=05Ys80gqDKddWtpdGiqUIL6+XFhPGn781/aIYaAhmTA=; b=qkhY3e2qryzw5gWHEjunryW2wjSPNbg9JD52jNrhS9SVA1RlSuWYkP2wu6l6R1bm63 Fnvf2aAR1ZpRtKGbR+ysaO7uTsWzBcnscgfriJf8Z3mXmn22b1KnIq6VsP3gkZKriv9L NKVVVr994EgAxKgbj8lk+emwSX38qkLko5VSU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=05Ys80gqDKddWtpdGiqUIL6+XFhPGn781/aIYaAhmTA=; b=X9mbkyfpvyLws5EcoVsNqWUfrxPPQziKlgaCt2HFqIC05Gmb9AnZ6o0h1NPWR4Rka/ UjyJz7lesxmcDH8sNnAnKGQ4z4vfILqqn4qLjCoGkyVetLTu8TOC5XqJNCtpGSLNcKF0 6Co+J20N16kR7h/FjLc58GDIjYK1Z/8siZGrX7cS75bUdTEFWm2Hf0uzHPocts3LGjHg ZAJdeEY2RS5NW4Nr4pp7sAhUdi2b28+g02bLuXWlCQiiID1qkRIv5c37/YK2wsbtjK3Z iHHvix3yYucmVfHdYxOY2vAlUvUBd60uf+LP+zuUr88p/J8Ydx+YQ2VWsaz8mK0eU20G 4t3w== X-Gm-Message-State: AOAM531hOkmVU1ezh+r6q/zI/JjvSYx3crvMNKYzD7oTIK7Q69Umu6gP bPzUGVmaQ5c3R0Gx/3YbWrMnEw== X-Google-Smtp-Source: ABdhPJyaAgvEfeKDAHBxq9S4e5gwuV918MFb6LfouXbnlPvTNO8lZ9pVdxqu9yL9aFL6KTvKb3j5mA== X-Received: by 2002:ac8:7145:: with SMTP id h5mr1833856qtp.240.1633743653860; Fri, 08 Oct 2021 18:40:53 -0700 (PDT) Received: from bill-the-cat (2603-6081-7b01-cbda-1c00-ef41-79c3-ef5b.res6.spectrum.com. [2603:6081:7b01:cbda:1c00:ef41:79c3:ef5b]) by smtp.gmail.com with ESMTPSA id g4sm735426qtp.43.2021.10.08.18.40.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 08 Oct 2021 18:40:53 -0700 (PDT) Date: Fri, 8 Oct 2021 21:40:51 -0400 From: Tom Rini To: Simon Glass Cc: U-Boot Mailing List , Alexandru Gagniuc , Andre Przywara , Rasmus Villemoes , Robert Marko , Masahiro Yamada , Alexander Graf Subject: Re: [PATCH v5 16/29] efi: Correct dependency on FIT_SIGNATURE Message-ID: <20211009014051.GE7964@bill-the-cat> References: <20210926014342.127913-1-sjg@chromium.org> <20210926014342.127913-10-sjg@chromium.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="w6eK8LiNFwVbMpYg" Content-Disposition: inline In-Reply-To: <20210926014342.127913-10-sjg@chromium.org> X-Clacks-Overhead: GNU Terry Pratchett X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.2 at phobos.denx.de X-Virus-Status: Clean --w6eK8LiNFwVbMpYg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Sep 25, 2021 at 07:43:29PM -0600, Simon Glass wrote: > At present EFI_SECURE BOOT selects RSA but does not necessarily enable > FIT_SIGNATURE. Mostly this is fine, but a few boards do not enable it, > so U-Boot tries to do RSA verification when loading FIT images, but it > is not enabled. >=20 > This worked because the condition for checking the RSA signature is > wrong in the fit_image_verify_with_data() function. In order to fix it > we need to fix this dependency. Make sure that FIT_SIGNATURE is enabled > so that RSA can be used. >=20 > It might be better to avoid using 'select' in this situation. >=20 > Signed-off-by: Simon Glass Applied to u-boot/master, thanks! --=20 Tom --w6eK8LiNFwVbMpYg Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQGzBAABCgAdFiEEGjx/cOCPqxcHgJu/FHw5/5Y0tywFAmFg8yMACgkQFHw5/5Y0 tywY4Av/Rz2j/KB4xGUGOnCU281kAUfZe9EV9by4SH9emk/uAIKj4cAzInwKWdlu wYWjUWyrFR+aQzGg9nnwSiP4zq/U/iDnx7yYGQFT4AcJtAokf3VlmBexEgiago0A dyIF4FJ2/xTRczGDt2MV5u4rSCToZzeZqe2EadYZgpUgKYhwAsZo4sJus1efAmIV OKApi68QWSQMXKEb0h1QnBDzyBIIJQnsnAhoM8O8Dtvpt/pBcawdelVPBtbqaxbS o901M4x80AhJmP8CDpZQLjUmVWl2N4skQEXpAphPDApAGnHrd7bCCd5vEppEMRYP Pql3bwUnHDFLGObev8xM4XCbv4+SxHS5nDX+bMLh6z8LKJCPmju3yCiwJQW0xh+b VmtaEl7TsPuGNWkINOtQU8U9iikNrLmSFvjh0tJwJkPUZYys0T2dDAncNnAci0JB w1ODr+4IfpbHc7X96kxTxQloyTiNFBboZXTpcqYjEm3315TdRop9uNHhHBVTsFBH ckBinVtO =yIIP -----END PGP SIGNATURE----- --w6eK8LiNFwVbMpYg--