From patchwork Tue Mar 16 00:24:31 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Alexandru Gagniuc <mr.nuke.me@gmail.com>
X-Patchwork-Id: 1453639
X-Patchwork-Delegate: patrice.chotard@st.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=85.214.62.61; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20161025 header.b=bRhesa8y;
	dkim-atps=neutral
Received: from phobos.denx.de (phobos.denx.de [85.214.62.61])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4DzvG44vZ7z9sW5
	for <incoming@patchwork.ozlabs.org>; Tue, 16 Mar 2021 11:25:48 +1100 (AEDT)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id C0D8682821;
	Tue, 16 Mar 2021 01:25:08 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
Authentication-Results: phobos.denx.de;
	dkim=pass (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.b="bRhesa8y";
	dkim-atps=neutral
Received: by phobos.denx.de (Postfix, from userid 109)
 id E5E6082654; Tue, 16 Mar 2021 01:24:48 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,SPF_HELO_NONE autolearn=ham
 autolearn_force=no version=3.4.2
Received: from mail-ot1-x32a.google.com (mail-ot1-x32a.google.com
 [IPv6:2607:f8b0:4864:20::32a])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))
 (No client certificate requested)
 by phobos.denx.de (Postfix) with ESMTPS id 4282080F58
 for <u-boot@lists.denx.de>; Tue, 16 Mar 2021 01:24:39 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=mr.nuke.me@gmail.com
Received: by mail-ot1-x32a.google.com with SMTP id
 f73-20020a9d03cf0000b02901b4d889bce0so6022762otf.12
 for <u-boot@lists.denx.de>; Mon, 15 Mar 2021 17:24:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=DxANeKhdoa8eiY9U1PZQnACp9uQ10wHbo6br98FjQR8=;
 b=bRhesa8yJEsoJxbMj9iFTfj+oJ9xxANQdKfkX3oNrqo7INZcRAnnNqba39RYLQe/Xg
 tf9boFVUWgj5B89nktvaJsTV/aeY1NuAa49WJGrH4Y7GNWDftb5q00a+3MdrgYI/kquf
 W+avPp3ra9cCP/yKnw+hzRt4z5PRoJJSV4IBxud8KBjBK7Z3e5XUA3qiVxcZ8WTztmYI
 x/ZemYK6GTIatgatohpZid3Vhl2lbjpRk34S7okHAsj0Me07ORf4ZAhd2OHFDa+I9TeZ
 SrQSWry5Z251shv8/K6HqGQbDDIHC7Di6TmYOnmo6yV36NsL8ZIUZjiabGMupDty9YHZ
 XNLA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=DxANeKhdoa8eiY9U1PZQnACp9uQ10wHbo6br98FjQR8=;
 b=I1I7BQGbiDPnqgwkkyfCRBdOuEF9yvALsNlkjIvbHI1Hm1yK7PqHQPI++m6f5RwXOE
 qsqmsJvm6Ce9cEF3AIOG7kj4/p+JrC6duKy5FFRvrzioa0ykIzjShOJlk+20Q31jOQh+
 KVhnUffJdjWU4umXt3OQMvUFY9s2ps+K0dUOltutnnkyGFz0E8aRkkLvVSH2IoDViyy5
 J8b/hBYTVsFOpFro733UaDC3H4pNOBkIwvXJaRElZquePwnUCRqJjJNrX9ujcghbbrDD
 TjPTyyVWKvodJTIl4KMMZFu0ywcEfTMzH3Io8n5txNpZLoKS+z0r33IKeF7aa1iAhHy6
 6p/g==
X-Gm-Message-State: AOAM532+IR27uPw1jIzB9W5AsPWbtJ35Rklo85NysypXPeIW987zLtyc
 JEpgAH0ybmjxBqNC5YXbmL0+Tb7ypA0=
X-Google-Smtp-Source: 
 ABdhPJyFxwvLmSfQ/ThCM9GA3z0b2N7QW+RS+owSxXsC26/mNuJHZcfuEUWvcS7B6JO8O3oyhVBg2Q==
X-Received: by 2002:a9d:3b86:: with SMTP id k6mr1347813otc.194.1615854277876;
 Mon, 15 Mar 2021 17:24:37 -0700 (PDT)
Received: from nuclearis2-1.lan (c-98-195-139-126.hsd1.tx.comcast.net.
 [98.195.139.126])
 by smtp.gmail.com with ESMTPSA id i11sm7106690otp.76.2021.03.15.17.24.37
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 15 Mar 2021 17:24:37 -0700 (PDT)
From: Alexandru Gagniuc <mr.nuke.me@gmail.com>
To: u-boot@lists.denx.de
Cc: Alexandru Gagniuc <mr.nuke.me@gmail.com>, trini@konsulko.com,
 sjg@chromium.org
Subject: [PATCH v2 5/6] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY
Date: Mon, 15 Mar 2021 19:24:31 -0500
Message-Id: <20210316002432.2581891-6-mr.nuke.me@gmail.com>
X-Mailer: git-send-email 2.26.2
In-Reply-To: <20210316002432.2581891-1-mr.nuke.me@gmail.com>
References: <20210316002432.2581891-1-mr.nuke.me@gmail.com>
MIME-Version: 1.0
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.102.4 at phobos.denx.de
X-Virus-Status: Clean

FIT signatures can now be implemented with ECDSA. The assumption that
all FIT images are signed with RSA is no longer valid. Thus, instead
of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
but allows one to explicitly disable RSA support.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 common/Kconfig.boot | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 9c335f4f8c..788c287da2 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -76,8 +76,8 @@ config FIT_SIGNATURE
 	bool "Enable signature verification of FIT uImages"
 	depends on DM
 	select HASH
-	select RSA
-	select RSA_VERIFY
+	imply RSA
+	imply RSA_VERIFY
 	select IMAGE_SIGN_INFO
 	select FIT_FULL_CHECK
 	help
@@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE
 	select SPL_FIT
 	select SPL_CRYPTO_SUPPORT
 	select SPL_HASH_SUPPORT
-	select SPL_RSA
-	select SPL_RSA_VERIFY
+	imply SPL_RSA
+	imply SPL_RSA_VERIFY
 	select SPL_IMAGE_SIGN_INFO
 	select SPL_FIT_FULL_CHECK