On 10/30/25 11:21 AM, Quentin Schulz wrote:
Hi Tom.

On 10/29/25 11:20 PM, Tom Rini wrote:
On Wed, Oct 29, 2025 at 12:28:53PM +0100, Quentin Schulz wrote:

From: Quentin Schulz <[email protected]>

One could very well want to verify signed files which aren't a FIT
image (e.g. via rsa_verify_hash() when $(PHASE_)RSA_VERIFY_WITH_PKEY=y)
but that is currently only possible if the FIT_SIGNATURE symbol is
enabled for the stage this signed file needs to be verified.

While we could remove the dependency on FIT_SIGNATURE and find a better
name for the symbol, let's simply always build support for PSS padding
when RSA is enabled, like we currently do for pkcs-1.5 padding.

When $(PHASE_)RSA_VERIFY is enabled on PX30 Ringneck, the difference is
an additional 904B for the SPL (spl/u-boot-spl.bin) and 1000B for U-Boot
proper (u-boot-nodtb.bin).

Signed-off-by: Quentin Schulz <[email protected]>
---
Another option is to remove the FIT_SIGNATURE dependency. For context, I
have a system where U-Boot proper verifies the signature of a few
binaries thanks to rsa_verify_hash() (see CONFIG_RSA_VERIFY_WITH_PKEY)
with an embedded public key. We do not use FIT images in proper and I
would like to avoid building code we don't use to limit the attack
surface, so I was looking at ways to remove the FIT support in proper
and this dependency makes it impossible as we use PSS padding.

The cost of always building all RSA paddings may be too high though, I
don't know where we should draw the line.

I think the cost of ~900 bytes in SPL for 120 platforms is on the high
side. How about a different symbol? Or would you want this enabled by

Yeah that was my assumption as well.

I think I will go with renaming the symbol to RSASSA_PSS (and SPL_RSASSA_PSS) and only make it depend on RSA (and SPL_RSA), then move the symbol to lib/rsa/Kconfig.

How does that sound?

I'm not sure I understand why we made PSS padding an option for the tools though... I'm thinking about removing the TOOLS_RSASSA_PSS symbol

Answering myself: the option is actually `def_bool y` so always built in. It's there so that CONFIG_IS_ENABLED(FIT_RSASSA_PSS) can be resolved when building for tools.

Meanwhile, I'm looking into getting rid of FIT support in proper but still have it in SPL, but I'm hitting issues with symbols all around. Let's see what I can do :)

Cheers,
Quentin
