Prepare v2023.10

[platform/kernel/u-boot.git] / lib / rsa / Kconfig

config RSA
        bool "Use RSA Library"
        select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX7ULP && !ARCH_MX6 && !ARCH_MX5
        select RSA_ASPEED_EXP if ASPEED_ACRY
        select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP && !RSA_ASPEED_EXP
        help
          RSA support. This enables the RSA algorithm used for FIT image
          verification in U-Boot.
          See doc/uImage.FIT/signature.txt for more details.
          The Modular Exponentiation algorithm in RSA is implemented using
          driver model. So CONFIG_DM needs to be enabled by default for this
          library to function.
          The signing part is build into mkimage regardless of this
          option. The software based modular exponentiation is built into
          mkimage irrespective of this option.

if RSA

config SPL_RSA
        bool "Use RSA Library within SPL"
        depends on SPL

config SPL_RSA_VERIFY
        bool
        depends on SPL_RSA
        help
          Add RSA signature verification support in SPL.

config RSA_VERIFY
        bool
        help
          Add RSA signature verification support.

config RSA_VERIFY_WITH_PKEY
        bool "Execute RSA verification without key parameters from FDT"
        select RSA_VERIFY
        select ASYMMETRIC_KEY_TYPE
        select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
        select RSA_PUBLIC_KEY_PARSER
        help
          The standard RSA-signature verification code (FIT_SIGNATURE) uses
          pre-calculated key properties, that are stored in fdt blob, in
          decrypting a signature.
          This does not suit the use case where there is no way defined to
          provide such additional key properties in standardized form,
          particularly UEFI secure boot.
          This options enables RSA signature verification with a public key
          directly specified in image_sign_info, where all the necessary
          key properties will be calculated on the fly in verification code.

config SPL_RSA_VERIFY_WITH_PKEY
        bool "Execute RSA verification without key parameters from FDT within SPL"
        depends on SPL
        select SPL_RSA_VERIFY
        select SPL_ASYMMETRIC_KEY_TYPE
        select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
        select SPL_RSA_PUBLIC_KEY_PARSER
        help
          The standard RSA-signature verification code (FIT_SIGNATURE) uses
          pre-calculated key properties, that are stored in fdt blob, in
          decrypting a signature.
          This does not suit the use case where there is no way defined to
          provide such additional key properties in standardized form,
          particularly UEFI secure boot.
          This options enables RSA signature verification with a public key
          directly specified in image_sign_info, where all the necessary
          key properties will be calculated on the fly in verification code
          in the SPL.

config RSA_SOFTWARE_EXP
        bool "Enable driver for RSA Modular Exponentiation in software"
        depends on DM
        help
          Enables driver for modular exponentiation in software. This is a RSA
          algorithm used in FIT image verification. It required RSA Key as
          input.
          See doc/uImage.FIT/signature.txt for more details.

config RSA_FREESCALE_EXP
        bool "Enable RSA Modular Exponentiation with FSL crypto accelerator"
        depends on DM && FSL_CAAM && !ARCH_MX7 && !ARCH_MX7ULP && !ARCH_MX6 && !ARCH_MX5
        help
        Enables driver for RSA modular exponentiation using Freescale cryptographic
        accelerator - CAAM.

config RSA_ASPEED_EXP
        bool "Enable RSA Modular Exponentiation with ASPEED crypto accelerator"
        depends on DM && ASPEED_ACRY
        help
        Enables driver for RSA modular exponentiation using ASPEED cryptographic
        accelerator - ACRY

endif