efi: Correct dependency on FIT_SIGNATURE

At present EFI_SECURE BOOT selects RSA but does not necessarily enable
FIT_SIGNATURE. Mostly this is fine, but a few boards do not enable it,
so U-Boot tries to do RSA verification when loading FIT images, but it
is not enabled.

This worked because the condition for checking the RSA signature is
wrong in the fit_image_verify_with_data() function. In order to fix it
we need to fix this dependency. Make sure that FIT_SIGNATURE is enabled
so that RSA can be used.

It might be better to avoid using 'select' in this situation.

Signed-off-by: Simon Glass <sjg@chromium.org>

diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 3d5a5cd..83d584a 100644 (file)
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -336,7 +336,7 @@ config EFI_LOAD_FILE2_INITRD
 
 config EFI_SECURE_BOOT
        bool "Enable EFI secure boot support"
-       depends on EFI_LOADER
+       depends on EFI_LOADER && FIT_SIGNATURE
        select HASH
        select SHA256
        select RSA