From: Igor Opaniuk igor.opaniuk@foundries.io

Introduce RSA_SOFTWARE_EXP_TINY Kconfig option, which does not require DM to be enabled. This can be handy on devices, where SPL + signed U-Boot FIT image setup is used, where it isn't possible to enable SPL_DM mainly due to SRAM size constraits.

For example, on iMX8MM with this option enabled and SPL_DM disabled it's possible to save almost 11Kb:

With RSA_SOFTWARE_EXP_TINY enabled: spl/u-boot-spl-nodtb.bin 99824

Without: spl/u-boot-spl-nodtb.bin 111088

Signed-off-by: Igor Opaniuk igor.opaniuk@foundries.io ---

lib/rsa/Kconfig | 11 ++++++++++- lib/rsa/rsa-verify.c | 8 ++++---- 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index a90d67e5a8..03692b73bb 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -1,7 +1,8 @@ config RSA bool "Use RSA Library" select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX6 && !ARCH_MX5 - select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP + select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP && DM + select RSA_SOFTWARE_EXP_TINY if !RSA_FREESCALE_EXP && !DM help RSA support. This enables the RSA algorithm used for FIT image verification in U-Boot. @@ -45,6 +46,14 @@ config RSA_VERIFY_WITH_PKEY directly specified in image_sign_info, where all the necessary key properties will be calculated on the fly in verification code.

+config RSA_SOFTWARE_EXP_TINY + bool "Enable non-DM RSA Modular Exponentiation software implementation" + help + Enable modular exponentiation implementation in software, which + does not require Driver Model to be enabled. This is a RSA algorithm + used in FIT image verification. It required RSA Key as input. + See doc/uImage.FIT/signature.txt for more details. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index aee76f42d5..0162253636 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -319,7 +319,7 @@ static int rsa_verify_key(struct image_sign_info *info, const uint32_t key_len) { int ret; -#if !defined(USE_HOSTCC) +#if !(defined(USE_HOSTCC) || defined(RSA_SOFTWARE_EXP_TINY)) struct udevice *mod_exp_dev; #endif struct checksum_algo *checksum = info->checksum; @@ -346,7 +346,9 @@ static int rsa_verify_key(struct image_sign_info *info, uint8_t buf[sig_len]; hash_len = checksum->checksum_len;

-#if !defined(USE_HOSTCC) +#if defined(USE_HOSTCC) || defined(RSA_SOFTWARE_EXP_TINY) + ret = rsa_mod_exp_sw(sig, sig_len, prop, buf); +#else ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev); if (ret) { printf("RSA: Can't find Modular Exp implementation\n"); @@ -354,8 +356,6 @@ static int rsa_verify_key(struct image_sign_info *info, }

ret = rsa_mod_exp(mod_exp_dev, sig, sig_len, prop, buf); -#else - ret = rsa_mod_exp_sw(sig, sig_len, prop, buf); #endif if (ret) { debug("Error in Modular exponentation\n");