LM
/
u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config 

In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
rsa_verify() will be extended to be able to perform RSA decryption without
additional RSA key properties from FIT image, i.e. rr and n0inv.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
AKASHI Takahiro 2020-02-21 15:12:56 +09:00 committed by Tom Rini
parent b983cc2da0
commit dd89f5b0fd
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
lib/rsa/Kconfig
View File

@ -28,6 +28,20 @@ config RSA_VERIFY
help help
Add RSA signature verification support. Add RSA signature verification support.
config RSA_VERIFY_WITH_PKEY
bool "Execute RSA verification without key parameters from FDT"
select RSA_VERIFY
help
The standard RSA-signature verification code (FIT_SIGNATURE) uses
pre-calculated key properties, that are stored in fdt blob, in
decrypting a signature.
This does not suit the use case where there is no way defined to
provide such additional key properties in standardized form,
particularly UEFI secure boot.
This options enables RSA signature verification with a public key
directly specified in image_sign_info, where all the necessary
key properties will be calculated on the fly in verification code.
config RSA_SOFTWARE_EXP config RSA_SOFTWARE_EXP
bool "Enable driver for RSA Modular Exponentiation in software" bool "Enable driver for RSA Modular Exponentiation in software"
depends on DM depends on DM