Tom, Simon,

On Fri, Jan 17, 2020 at 06:59:44AM +0100, Heinrich Schuchardt wrote:
> On 1/17/20 3:24 AM, AKASHI Takahiro wrote:
> >On Tue, Jan 14, 2020 at 12:43:40PM +0100, Heinrich Schuchardt wrote:
> >>On 1/14/20 8:45 AM, AKASHI Takahiro wrote:
> >>>On Wed, Jan 08, 2020 at 01:35:13PM +0100, Heinrich Schuchardt wrote:
> >>>>On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
> >>>>>In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
> >>>>>rsa_verify() will be extended to be able to perform RSA decryption
> >>>>>without
> >>>>>additional RSA key properties from FIT image, i.e. rr and n0inv.
> >>>>>
> >>>>>Signed-off-by: AKASHI Takahiro <takahiro.aka...@linaro.org>
> >>>>>Reviewed-by: Simon Glass <s...@chromium.org>
> >>>>
> >>>>The patch series does not build for some configurations.
> >>>>
> >>>>>--- > >>>>> lib/rsa/Kconfig | 14 ++++++++++++++ > >>>>> 1 file changed, 14 insertions(+) > >>>>> > >>>>>diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig > >>>>>index 03ffa2969048..71e4c06bf883 100644 > >>>>>--- a/lib/rsa/Kconfig > >>>>>+++ b/lib/rsa/Kconfig > >>>>>@@ -30,6 +30,20 @@ config RSA_VERIFY > >>>>> help > >>>>> Add RSA signature verification support. > >>>>> > >>>>>+config RSA_VERIFY_WITH_PKEY
> >>>>
> >>>>For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
> >>>>I get an error:
> >>>
> >>>This error is inevitable as both RSA_VERIFY_WITH_PKEY and
> >>>RSA_PUBLIC_KEY_PARSER are "select"able configurations with
> >>>visible prompts and then
> >>
> >>No, it is not inevitable. Just ensure that in the Makefiles all modules
> >>are selected that you need for your configuration.
> >
> >How?
> >Can you please show me a simple solution?
>
Which is your choice as a maintainer/author of lib/rsa?
In my opinion,

> ifneq($(CONFIG_RSA_VERIFY_WITH_PKEY)$(CONFIG_RSA_PUBLIC_KEY_PARSER),)
> obj-y += foo.o
> endif

I will take this by a process of elimination.

> or
>
> config RSA_VERIFY_WITH_PKEY
> depends on RSA_PUBLIC_KEY_PARSER

I normally use "depends on" to select a subset feature of the target.

> or
>
> config RSA_VERIFY_WITH_PKEY
> select RSA_PUBLIC_KEY_PARSER

Nak, as I said, because RSA_PUBLIC_KEY_PARSER is a visible configuration symbol.

Thanks,
-Takahiro Akashi

> Best regards
>
> Heinrich
>
> >
> >Thanks,
> >-Takahiro Akashi
> >
> >
> >>>we should generally avoid potential illegal configurations;
> >>
> >>Yes, we want to avoid potentially illegal configurations everywhere.
> >>This is why we have a randconfig build target.
> >>
> >>Best regards
> >>
> >>Heinrich
> >>
> >>>The one should NOT forcibly select the other as the kernel kconfig
> >>>document suggests.
> >>>
> >>># Note:
> >>># select should be used with care. select will force
> >>># a symbol to a value without visiting the dependencies.
> >>># By abusing select you are able to select a symbol FOO even
> >>># if FOO depends on BAR that is not set.
> >>># In general use select only for non-visible symbols
> >>># (no prompts anywhere) and for symbols with no dependencies.
> >>># That will limit the usefulness but on the other hand avoid
> >>># the illegal configurations all over.
> >>>
> >>>-Takahiro Akashi
> >>>
> >>>
> >>>>lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key'
> >>>>
> >>>>RSA_PUBLIC_KEY_PARSER depends on
> >>>>ASYMMETRIC_KEY_TYPE [=n] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n]
> >>>>
> >>>>Please, fix the dependencies.
> >>>>
> >>>>Best regards
> >>>>
> >>>>Heinrich
> >>>>
> >>>>>+ bool "Execute RSA verification without key parameters from FDT" > >>>>>+ depends on RSA > >>>>>+ help > >>>>>+ The standard RSA-signature verification code (FIT_SIGNATURE) > >>>>>uses > >>>>>+ pre-calculated key properties, that are stored in fdt blob, in > >>>>>+ decrypting a signature. > >>>>>+ This does not suit the use case where there is no way defined > >>>>>to > >>>>>+ provide such additional key properties in standardized form, > >>>>>+ particularly UEFI secure boot. > >>>>>+ This options enables RSA signature verification with a public > >>>>>key > >>>>>+ directly specified in image_sign_info, where all the necessary > >>>>>+ key properties will be calculated on the fly in verification > >>>>>code. > >>>>>+ > >>>>> config RSA_SOFTWARE_EXP > >>>>> bool "Enable driver for RSA Modular Exponentiation in software" > >>>>> depends on DM > >>>>>
> >>>
> >>
> >
>
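
Review bot: The new RSA_VERIFY_WITH_PKEY entry declares only "depends on RSA", yet the build failure reported in this thread (lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key') shows the option needs the code behind RSA_PUBLIC_KEY_PARSER, so RSA_VERIFY_WITH_PKEY=y with the parser disabled is a configuration Kconfig accepts but the linker rejects. Express that requirement in the patch: either add "depends on RSA_PUBLIC_KEY_PARSER" to this entry, or have the Makefile build the parser object whenever either symbol is set. A plain "select RSA_PUBLIC_KEY_PARSER" would not be enough on its own, because that symbol depends on ASYMMETRIC_KEY_TYPE && ASYMMETRIC_PUBLIC_KEY_SUBTYPE and select does not visit dependencies. Minor: the help text reads "This options enables"; it should be "This option enables".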