diff options
| author | AKASHI Takahiro <takahiro.akashi@linaro.org> | 2020-02-21 09:12:56 +0300 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2020-03-12 15:20:39 +0300 |
| commit | dd89f5b0fde7f23afffc69f92eedc7f7c5caef36 (patch) | |
| tree | d69501b977b644591d87be04742b9ec6856b3921 /lib/rsa | |
| parent | b983cc2da0bafd73a4dfc069eb3c3a98677e2d92 (diff) | |
| download | u-boot-dd89f5b0fde7f23afffc69f92eedc7f7c5caef36.tar.xz | |
rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config
In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
rsa_verify() will be extended to be able to perform RSA decryption without
additional RSA key properties from FIT image, i.e. rr and n0inv.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'lib/rsa')
| -rw-r--r-- | lib/rsa/Kconfig | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 18a075c174..89697219db 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -28,6 +28,20 @@ config RSA_VERIFY help Add RSA signature verification support. +config RSA_VERIFY_WITH_PKEY + bool "Execute RSA verification without key parameters from FDT" + select RSA_VERIFY + help + The standard RSA-signature verification code (FIT_SIGNATURE) uses + pre-calculated key properties, that are stored in fdt blob, in + decrypting a signature. + This does not suit the use case where there is no way defined to + provide such additional key properties in standardized form, + particularly UEFI secure boot. + This options enables RSA signature verification with a public key + directly specified in image_sign_info, where all the necessary + key properties will be calculated on the fly in verification code. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM |