On Tue, Jan 14, 2020 at 12:43:40PM +0100, Heinrich Schuchardt wrote: > On 1/14/20 8:45 AM, AKASHI Takahiro wrote: > >On Wed, Jan 08, 2020 at 01:35:13PM +0100, Heinrich Schuchardt wrote: > >>On 11/21/19 1:11 AM, AKASHI Takahiro wrote: > >>>In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY, > >>>rsa_verify() will be extended to be able to perform RSA decryption without > >>>additional RSA key properties from FIT image, i.e. rr and n0inv. > >>> > >>>Signed-off-by: AKASHI Takahiro <[email protected]> > >>>Reviewed-by: Simon Glass <[email protected]> > >> > >>The patch series does not build for some configurations. > >> > >>>--- > >>> lib/rsa/Kconfig | 14 ++++++++++++++ > >>> 1 file changed, 14 insertions(+) > >>> > >>>diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig > >>>index 03ffa2969048..71e4c06bf883 100644 > >>>--- a/lib/rsa/Kconfig > >>>+++ b/lib/rsa/Kconfig > >>>@@ -30,6 +30,20 @@ config RSA_VERIFY > >>> help > >>> Add RSA signature verification support. > >>> > >>>+config RSA_VERIFY_WITH_PKEY > >> > >>For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n > >>I get an error: > > > >This error is inevitable as both RSA_VERIFY_WITH_PKEY and > >RSA_PUBLIC_KEY_PARSER are "select"able configurations with > >visible prompts and then > > No, it is not inevitbable. Just ensure that in the Makefiles all modules > are selected that you need for your configuration.
How? Can you please show me a simple solution? Thanks, -Takahiro Akashi > >we should generally avoid potential illegal configurations; > > Yes, we want to avoid potentially illegal configurations everywhere. > This is why we have a randconfig build target. > > Best regards > > Heinrich > > >The one should NOT forcibly select the other as the kernel kconfig > >document suggests. > > > ># Note: > ># select should be used with care. select will force > ># a symbol to a value without visiting the dependencies. > ># By abusing select you are able to select a symbol FOO even > ># if FOO depends on BAR that is not set. > ># In general use select only for non-visible symbols > ># (no prompts anywhere) and for symbols with no dependencies. > ># That will limit the usefulness but on the other hand avoid > ># the illegal configurations all over. > > > >-Takahiro Akashi > > > > > >>lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key' > >> > >>RSA_PUBLIC_KEY_PARSER depends on > >>ASYMMETRIC_KEY_TYPE [=n] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n] > >> > >>Please, fix the dependencies. > >> > >>Best regards > >> > >>Heinrich > >> > >>>+ bool "Execute RSA verification without key parameters from FDT" > >>>+ depends on RSA > >>>+ help > >>>+ The standard RSA-signature verification code (FIT_SIGNATURE) uses > >>>+ pre-calculated key properties, that are stored in fdt blob, in > >>>+ decrypting a signature. > >>>+ This does not suit the use case where there is no way defined to > >>>+ provide such additional key properties in standardized form, > >>>+ particularly UEFI secure boot. > >>>+ This options enables RSA signature verification with a public key > >>>+ directly specified in image_sign_info, where all the necessary > >>>+ key properties will be calculated on the fly in verification code. > >>>+ > >>> config RSA_SOFTWARE_EXP > >>> bool "Enable driver for RSA Modular Exponentiation in software" > >>> depends on DM > >>> > > >
