mirror of
https://github.com/smaeul/u-boot.git
synced 2025-10-24 01:28:15 +01:00
This commit adds the option SPL_RSA_VERIFY_WITH_PKEY. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
93 lines
3.3 KiB
Plaintext
93 lines
3.3 KiB
Plaintext
config RSA
|
|
bool "Use RSA Library"
|
|
select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX7ULP && !ARCH_MX6 && !ARCH_MX5
|
|
select RSA_ASPEED_EXP if ASPEED_ACRY
|
|
select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP && !RSA_ASPEED_EXP
|
|
help
|
|
RSA support. This enables the RSA algorithm used for FIT image
|
|
verification in U-Boot.
|
|
See doc/uImage.FIT/signature.txt for more details.
|
|
The Modular Exponentiation algorithm in RSA is implemented using
|
|
driver model. So CONFIG_DM needs to be enabled by default for this
|
|
library to function.
|
|
The signing part is build into mkimage regardless of this
|
|
option. The software based modular exponentiation is built into
|
|
mkimage irrespective of this option.
|
|
|
|
if RSA
|
|
|
|
config SPL_RSA
|
|
bool "Use RSA Library within SPL"
|
|
|
|
config SPL_RSA_VERIFY
|
|
bool
|
|
depends on SPL_RSA
|
|
help
|
|
Add RSA signature verification support in SPL.
|
|
|
|
config RSA_VERIFY
|
|
bool
|
|
help
|
|
Add RSA signature verification support.
|
|
|
|
config RSA_VERIFY_WITH_PKEY
|
|
bool "Execute RSA verification without key parameters from FDT"
|
|
select RSA_VERIFY
|
|
select ASYMMETRIC_KEY_TYPE
|
|
select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
select RSA_PUBLIC_KEY_PARSER
|
|
help
|
|
The standard RSA-signature verification code (FIT_SIGNATURE) uses
|
|
pre-calculated key properties, that are stored in fdt blob, in
|
|
decrypting a signature.
|
|
This does not suit the use case where there is no way defined to
|
|
provide such additional key properties in standardized form,
|
|
particularly UEFI secure boot.
|
|
This options enables RSA signature verification with a public key
|
|
directly specified in image_sign_info, where all the necessary
|
|
key properties will be calculated on the fly in verification code.
|
|
|
|
config SPL_RSA_VERIFY_WITH_PKEY
|
|
bool "Execute RSA verification without key parameters from FDT within SPL"
|
|
depends on SPL
|
|
select SPL_RSA_VERIFY
|
|
select SPL_ASYMMETRIC_KEY_TYPE
|
|
select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
|
|
select SPL_RSA_PUBLIC_KEY_PARSER
|
|
help
|
|
The standard RSA-signature verification code (FIT_SIGNATURE) uses
|
|
pre-calculated key properties, that are stored in fdt blob, in
|
|
decrypting a signature.
|
|
This does not suit the use case where there is no way defined to
|
|
provide such additional key properties in standardized form,
|
|
particularly UEFI secure boot.
|
|
This options enables RSA signature verification with a public key
|
|
directly specified in image_sign_info, where all the necessary
|
|
key properties will be calculated on the fly in verification code
|
|
in the SPL.
|
|
|
|
config RSA_SOFTWARE_EXP
|
|
bool "Enable driver for RSA Modular Exponentiation in software"
|
|
depends on DM
|
|
help
|
|
Enables driver for modular exponentiation in software. This is a RSA
|
|
algorithm used in FIT image verification. It required RSA Key as
|
|
input.
|
|
See doc/uImage.FIT/signature.txt for more details.
|
|
|
|
config RSA_FREESCALE_EXP
|
|
bool "Enable RSA Modular Exponentiation with FSL crypto accelerator"
|
|
depends on DM && FSL_CAAM && !ARCH_MX7 && !ARCH_MX7ULP && !ARCH_MX6 && !ARCH_MX5
|
|
help
|
|
Enables driver for RSA modular exponentiation using Freescale cryptographic
|
|
accelerator - CAAM.
|
|
|
|
config RSA_ASPEED_EXP
|
|
bool "Enable RSA Modular Exponentiation with ASPEED crypto accelerator"
|
|
depends on DM && ASPEED_ACRY
|
|
help
|
|
Enables driver for RSA modular exponentiation using ASPEED cryptographic
|
|
accelerator - ACRY
|
|
|
|
endif
|