Re: [PATCH v5 4/5] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY

17 May 2021

On Mon, May 17, 2021 at 9:40 PM Alexandru Gagniuc mr.nuke.me@gmail.com wrote:
...
FIT signatures can now be implemented with ECDSA. The assumption that
all FIT images are signed with RSA is no longer valid. Thus, instead
of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
but allows one to explicitly disable RSA support.
Signed-off-by: Alexandru Gagniuc mr.nuke.me@gmail.com
Reviewed-by: Simon Glass sjg@chromium.org

common/Kconfig.boot | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 03a6e6f214..1527e3e600 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -76,8 +76,8 @@ config FIT_SIGNATURE
        bool "Enable signature verification of FIT uImages"
        depends on DM
        select HASH

  select RSA


  select RSA_VERIFY




  imply RSA


  imply RSA_VERIFY
  select IMAGE_SIGN_INFO
  select FIT_FULL_CHECK
  help



@@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE
        select SPL_FIT
        select SPL_CRYPTO_SUPPORT
        select SPL_HASH_SUPPORT

  select SPL_RSA


  select SPL_RSA_VERIFY




  imply SPL_RSA


  imply SPL_RSA_VERIFY
  select SPL_IMAGE_SIGN_INFO
  select SPL_FIT_FULL_CHECK




--
2.31.1
Reviewed-by: Igor Opaniuk igor.opaniuk@foundries.io
-- 
Best regards - Freundliche Grüsse - Meilleures salutations

Igor Opaniuk
Embedded Software Engineer
T:  +380 938364067
E: igor.opaniuk@foundries.io
W: www.foundries.io

    