mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-10 23:24:38 +00:00
e0d310b098
In the current implementation of FIT_SIGNATURE, five parameters for a RSA public key are required while only two of them are essential. (See rsa-mod-exp.h and uImage.FIT/signature.txt) This is a result of considering relatively limited computer power and resources on embedded systems, while such a assumption may not be quite practical for other use cases. In this patch, added is a function, rsa_gen_key_prop(), which will generate additional parameters for other uses, in particular UEFI secure boot, on the fly. Note: the current code uses some "big number" routines from BearSSL for the calculation. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
64 lines
2.1 KiB
Text
64 lines
2.1 KiB
Text
config RSA
|
|
bool "Use RSA Library"
|
|
select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX6 && !ARCH_MX5
|
|
select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP
|
|
help
|
|
RSA support. This enables the RSA algorithm used for FIT image
|
|
verification in U-Boot.
|
|
See doc/uImage.FIT/signature.txt for more details.
|
|
The Modular Exponentiation algorithm in RSA is implemented using
|
|
driver model. So CONFIG_DM needs to be enabled by default for this
|
|
library to function.
|
|
The signing part is build into mkimage regardless of this
|
|
option. The software based modular exponentiation is built into
|
|
mkimage irrespective of this option.
|
|
|
|
if RSA
|
|
|
|
config SPL_RSA
|
|
bool "Use RSA Library within SPL"
|
|
|
|
config SPL_RSA_VERIFY
|
|
bool
|
|
help
|
|
Add RSA signature verification support in SPL.
|
|
|
|
config RSA_VERIFY
|
|
bool
|
|
help
|
|
Add RSA signature verification support.
|
|
|
|
config RSA_VERIFY_WITH_PKEY
|
|
bool "Execute RSA verification without key parameters from FDT"
|
|
select RSA_VERIFY
|
|
select ASYMMETRIC_KEY_TYPE
|
|
select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
select RSA_PUBLIC_KEY_PARSER
|
|
help
|
|
The standard RSA-signature verification code (FIT_SIGNATURE) uses
|
|
pre-calculated key properties, that are stored in fdt blob, in
|
|
decrypting a signature.
|
|
This does not suit the use case where there is no way defined to
|
|
provide such additional key properties in standardized form,
|
|
particularly UEFI secure boot.
|
|
This options enables RSA signature verification with a public key
|
|
directly specified in image_sign_info, where all the necessary
|
|
key properties will be calculated on the fly in verification code.
|
|
|
|
config RSA_SOFTWARE_EXP
|
|
bool "Enable driver for RSA Modular Exponentiation in software"
|
|
depends on DM
|
|
help
|
|
Enables driver for modular exponentiation in software. This is a RSA
|
|
algorithm used in FIT image verification. It required RSA Key as
|
|
input.
|
|
See doc/uImage.FIT/signature.txt for more details.
|
|
|
|
config RSA_FREESCALE_EXP
|
|
bool "Enable RSA Modular Exponentiation with FSL crypto accelerator"
|
|
depends on DM && FSL_CAAM && !ARCH_MX7 && !ARCH_MX6 && !ARCH_MX5
|
|
help
|
|
Enables driver for RSA modular exponentiation using Freescale cryptographic
|
|
accelerator - CAAM.
|
|
|
|
endif
|