On Fri, Sep 06, 2019 at 09:39:05AM +0200, Heinrich Schuchardt wrote:
On 9/6/19 9:08 AM, AKASHI Takahiro wrote:
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building RSA functions from FIT verification and allow for adding a RSA-based signature verification for other file formats, in particular PE file for UEFI secure boot.
Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org
lib/rsa/Kconfig | 7 +++++++ lib/rsa/Makefile | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 2b33f323bccc..338c8124da59 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -1,5 +1,6 @@ config RSA bool "Use RSA Library"
- select RSA_VERIFY select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX6 && !ARCH_MX5 select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP help
@@ -17,6 +18,12 @@ if RSA
config SPL_RSA bool "Use RSA Library within SPL"
- select RSA_VERIFY
+config RSA_VERIFY
- bool
- help
Add RSA signature verification support.config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index a51c6e1685fb..226d8f3514a9 100644 --- a/lib/rsa/Makefile +++ b/lib/rsa/Makefile @@ -5,5 +5,5 @@ # (C) Copyright 2000-2007 # Wolfgang Denk, DENX Software Engineering, wd@denx.de.
-obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o +obj-$(CONFIG_RSA_VERIFY) += rsa-verify.o rsa-checksum.o obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
pine64-lts_defconfig with CONFIG_RSA=y compiles fine without this patch. But with this patch:
Right. It seems that include/image.h will also have to be modified.
Thanks, -Takahiro Akashi
lib/rsa/rsa-verify.c:60:5: error: redefinition of ‘padding_pkcs_15_verify’ 60 | int padding_pkcs_15_verify(struct image_sign_info *info, | ^~~~~~~~~~~~~~~~~~~~~~ In file included from lib/rsa/rsa-verify.c:21: include/u-boot/rsa.h:118:19: note: previous definition of ‘padding_pkcs_15_verify’ was here 118 | static inline int padding_pkcs_15_verify(struct image_sign_info *info, | ^~~~~~~~~~~~~~~~~~~~~~ lib/rsa/rsa-verify.c:399:5: error: redefinition of ‘rsa_verify’ 399 | int rsa_verify(struct image_sign_info *info, | ^~~~~~~~~~ CC lib/efi_loader/efi_hii.o In file included from lib/rsa/rsa-verify.c:21: include/u-boot/rsa.h:111:19: note: previous definition of ‘rsa_verify’ was here 111 | static inline int rsa_verify(struct image_sign_info *info, | ^~~~~~~~~~
Best regards
Heinrich