Re: [U-Boot] [PATCH] RSA depends on DM

Wed, 04 Feb 2015 01:28:17 -0800

Of course there is the meta question of why RSA sig is still being used rather than ECDSA.
As a crypto plumber, I occationally wonder why we perpetuate need of large, slow RSA keys over ECC. Perhaps the patent concerns even with RFC 6090. 


I will shut up and let you to your important work of getting all this 
wonderful support working in uboot.


On 02/03/2015 08:01 PM, Simon Glass wrote:

Hi Chris,

On 3 February 2015 at 17:57, Chris Kuethe <chris.kue...@gmail.com> wrote:

On Tue, Feb 3, 2015 at 4:38 PM, Simon Glass <s...@chromium.org> wrote:

+Masahiro

Hi Chris,

On 3 February 2015 at 00:42, Chris Kuethe <chris.kue...@gmail.com> wrote:

Discovered while experimenting with signature checking on vexpress
which doesn't typically use DM. Rather than complaining about unmet
dependencies it might be better to enable those them.

---
  lib/rsa/Kconfig | 1 +
  1 file changed, 1 insertion(+)

diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index 1268a1b..4db5da4 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -2,6 +2,7 @@ config RSA
   bool "Use RSA Library"
   select RSA_FREESCALE_EXP if FSL_CAAM
   select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP
+ select DM
   help
    RSA support. This enables the RSA algorithm used for FIT image
    verification in U-Boot.

I wonder whether 'depends on DM' might be better? It seems odd to have
the tail wagging the dog.

Regards,
Simon

No, that would not be better because a few lines down,
RSA_SOFTWARE_EXP and RSA_FREESCALE_EXP both say "depends on DM" but
they don't actually enable it if they need it.

As a user, my expectation is that when I turn on some high level
feature, that will enable all of its lower level dependencies. Would
it be less strange to make FIT_SIGNATURE turn on DM instead of RSA?

We certainly must avoid the build break.

My concern is that CONFIG_DM may introduce a run-time break. For
example if you don't have pre-relocation malloc() available the board
may not boot. Driver model is a fundamental core feature, and we are
working to move everything over to it, but I'm not quite comfortable
with forcing it on when someone changes a feature. It feel it would be
better to not offer it.

I'm interested to hear other viewpoints though.

Perhaps soon we can enable CONFIG_DM globally but we are not there yet.

Regards,
Simon
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot


_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot






















					Reply via email to