On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
rsa_verify() will be extended to be able to perform RSA decryption without
additional RSA key properties from FIT image, i.e. rr and n0inv.
Signed-off-by: AKASHI Takahiro <[email protected]>
Reviewed-by: Simon Glass <[email protected]>
The patch series does not build for some configurations.
---
lib/rsa/Kconfig | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index 03ffa2969048..71e4c06bf883 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -30,6 +30,20 @@ config RSA_VERIFY
help
Add RSA signature verification support.
+config RSA_VERIFY_WITH_PKEY
For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
I get an error:
lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key'
RSA_PUBLIC_KEY_PARSER depends on
ASYMMETRIC_KEY_TYPE [=n] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n]
Please, fix the dependencies.
Best regards
Heinrich
+ bool "Execute RSA verification without key parameters from FDT"
+ depends on RSA
+ help
+ The standard RSA-signature verification code (FIT_SIGNATURE) uses
+ pre-calculated key properties, that are stored in fdt blob, in
+ decrypting a signature.
+ This does not suit the use case where there is no way defined to
+ provide such additional key properties in standardized form,
+ particularly UEFI secure boot.
+ This options enables RSA signature verification with a public key
+ directly specified in image_sign_info, where all the necessary
+ key properties will be calculated on the fly in verification code.
+
config RSA_SOFTWARE_EXP
bool "Enable driver for RSA Modular Exponentiation in software"
depends on DM
