From f6bacf1d489090c8fca1d442cedd8902d8f5acec Mon Sep 17 00:00:00 2001 From: Philippe Reynes Date: Mon, 28 Mar 2022 22:56:58 +0200 Subject: [PATCH] lib: rsa: allow rsa verify with pkey in SPL This commit adds the option SPL_RSA_VERIFY_WITH_PKEY. Reviewed-by: Simon Glass Signed-off-by: Philippe Reynes --- lib/rsa/Kconfig | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index be9775b..b773f17 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -47,6 +47,25 @@ config RSA_VERIFY_WITH_PKEY directly specified in image_sign_info, where all the necessary key properties will be calculated on the fly in verification code. +config SPL_RSA_VERIFY_WITH_PKEY + bool "Execute RSA verification without key parameters from FDT within SPL" + depends on SPL + select SPL_RSA_VERIFY + select SPL_ASYMMETRIC_KEY_TYPE + select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_RSA_PUBLIC_KEY_PARSER + help + The standard RSA-signature verification code (FIT_SIGNATURE) uses + pre-calculated key properties, that are stored in fdt blob, in + decrypting a signature. + This does not suit the use case where there is no way defined to + provide such additional key properties in standardized form, + particularly UEFI secure boot. + This options enables RSA signature verification with a public key + directly specified in image_sign_info, where all the necessary + key properties will be calculated on the fly in verification code + in the SPL. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM -- 2.7.4