On 1/17/20 3:24 AM, AKASHI Takahiro wrote:
On Tue, Jan 14, 2020 at 12:43:40PM +0100, Heinrich Schuchardt wrote:
On 1/14/20 8:45 AM, AKASHI Takahiro wrote:
On Wed, Jan 08, 2020 at 01:35:13PM +0100, Heinrich Schuchardt wrote:
On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
rsa_verify() will be extended to be able to perform RSA decryption without
additional RSA key properties from FIT image, i.e. rr and n0inv.

Signed-off-by: AKASHI Takahiro <[email protected]>
Reviewed-by: Simon Glass <[email protected]>

The patch series does not build for some configurations.

---
  lib/rsa/Kconfig | 14 ++++++++++++++
  1 file changed, 14 insertions(+)

diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index 03ffa2969048..71e4c06bf883 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -30,6 +30,20 @@ config RSA_VERIFY
        help
          Add RSA signature verification support.

+config RSA_VERIFY_WITH_PKEY

For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
I get an error:

This error is inevitable as both RSA_VERIFY_WITH_PKEY and
RSA_PUBLIC_KEY_PARSER are "select"able configurations with
visible prompts and then

No, it is not inevitable. Just ensure that in the Makefiles all modules
are selected that you need for your configuration.

How?
Can you please show me a simple solution?

ifneq ($(CONFIG_RSA_VERIFY_WITH_PKEY)$(CONFIG_RSA_PUBLIC_KEY_PARSER),)
obj-y += foo.o
endif

or

config RSA_VERIFY_WITH_PKEY
        depends on RSA_PUBLIC_KEY_PARSER

or

config RSA_VERIFY_WITH_PKEY
        select RSA_PUBLIC_KEY_PARSER

Best regards

Heinrich


Thanks,
-Takahiro Akashi


we should generally avoid potential illegal configurations;

Yes, we want to avoid potentially illegal configurations everywhere.
This is why we have a randconfig build target.

Best regards

Heinrich

The one should NOT forcibly select the other as the kernel kconfig
document suggests.

#  Note:
#        select should be used with care. select will force
#        a symbol to a value without visiting the dependencies.
#        By abusing select you are able to select a symbol FOO even
#        if FOO depends on BAR that is not set.
#        In general use select only for non-visible symbols
#        (no prompts anywhere) and for symbols with no dependencies.
#        That will limit the usefulness but on the other hand avoid
#        the illegal configurations all over.

-Takahiro Akashi


lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key'

RSA_PUBLIC_KEY_PARSER depends on
ASYMMETRIC_KEY_TYPE [=n] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n]

Please, fix the dependencies.

Best regards

Heinrich

+       bool "Execute RSA verification without key parameters from FDT"
+       depends on RSA
+       help
+         The standard RSA-signature verification code (FIT_SIGNATURE) uses
+         pre-calculated key properties, that are stored in fdt blob, in
+         decrypting a signature.
+         This does not suit the use case where there is no way defined to
+         provide such additional key properties in standardized form,
+         particularly UEFI secure boot.
+         This options enables RSA signature verification with a public key
+         directly specified in image_sign_info, where all the necessary
+         key properties will be calculated on the fly in verification code.
+
  config RSA_SOFTWARE_EXP
        bool "Enable driver for RSA Modular Exponentiation in software"
        depends on DM
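
Review bot: RSA_VERIFY_WITH_PKEY carries only "depends on RSA", yet the build report in this thread shows lib/rsa/rsa-keyprop.c failing to link against rsa_parse_pub_key when RSA_PUBLIC_KEY_PARSER is off, so the entry should express that requirement, for example with "depends on RSA_PUBLIC_KEY_PARSER", which also keeps that symbol's own dependencies on ASYMMETRIC_KEY_TYPE and ASYMMETRIC_PUBLIC_KEY_SUBTYPE in force. In the help text, "This options enables" should read "This option enables", and a sentence naming the parser requirement would tell users why the prompt is unavailable.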

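The difference between the "depends on" and "select" variants proposed in this thread, as an added example that is not part of the original messages or of U-Boot: a Python model of a small Kconfig subset (only "config", "depends on" joined by &&, and "select"), run on a constructed fragment that reuses the thread's symbol names. It reports symbols that end up enabled while their dependencies are unset.

```python
import re

# Constructed fragment: symbol names and the parser's dependency line come from
# the thread; the "select" line is the third variant proposed there.
KCONFIG = """
config ASYMMETRIC_KEY_TYPE
config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
config RSA
config RSA_PUBLIC_KEY_PARSER
    depends on ASYMMETRIC_KEY_TYPE && ASYMMETRIC_PUBLIC_KEY_SUBTYPE
config RSA_VERIFY_WITH_PKEY
    depends on RSA
    select RSA_PUBLIC_KEY_PARSER
"""

def parse(text):
    """Return {symbol: {"deps": [...], "selects": [...]}} for the subset above."""
    syms, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"config (\w+)", line):
            cur = syms.setdefault(m.group(1), {"deps": [], "selects": []})
        elif cur is not None and (m := re.fullmatch(r"depends on (.+)", line)):
            cur["deps"] += [d.strip() for d in m.group(1).split("&&")]
        elif cur is not None and (m := re.fullmatch(r"select (\w+)", line)):
            cur["selects"].append(m.group(1))
    return syms

def resolve(syms, requested):
    """Apply 'select' transitively, then list enabled symbols with unmet deps."""
    enabled, todo = set(), list(requested)
    while todo:
        s = todo.pop()
        if s not in enabled:
            enabled.add(s)
            todo += syms[s]["selects"]  # forced on; dependencies are not visited
    unmet = {s: sorted(d for d in syms[s]["deps"] if d not in enabled)
             for s in enabled}
    return enabled, {s: d for s, d in unmet.items() if d}

if __name__ == "__main__":
    enabled, unmet = resolve(parse(KCONFIG), {"RSA", "RSA_VERIFY_WITH_PKEY"})
    for sym, missing in unmet.items():
        print(f"{sym} is y but depends on unset: {', '.join(missing)}")
```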