Message ID | 20220225145754.30217-7-philippe.reynes@softathome.com |
---|---|
State | Changes Requested |
Delegated to: | Simon Glass |
From | Philippe Reynes <philippe.reynes@softathome.com> |
To | sjg@chromium.org, rasmus.villemoes@prevas.dk |
Subject | [PATCH v6 06/16] lib: rsa: allow rsa verify with pkey in SPL |
Date | Fri, 25 Feb 2022 15:57:44 +0100 |
Series | image: add a stage pre-load |
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index be9775bcce..b773f17c26 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -47,6 +47,25 @@ config RSA_VERIFY_WITH_PKEY directly specified in image_sign_info, where all the necessary key properties will be calculated on the fly in verification code. +config SPL_RSA_VERIFY_WITH_PKEY + bool "Execute RSA verification without key parameters from FDT within SPL" + depends on SPL + select SPL_RSA_VERIFY + select SPL_ASYMMETRIC_KEY_TYPE + select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select SPL_RSA_PUBLIC_KEY_PARSER + help + The standard RSA-signature verification code (FIT_SIGNATURE) uses + pre-calculated key properties, that are stored in fdt blob, in + decrypting a signature. + This does not suit the use case where there is no way defined to + provide such additional key properties in standardized form, + particularly UEFI secure boot. + This options enables RSA signature verification with a public key + directly specified in image_sign_info, where all the necessary + key properties will be calculated on the fly in verification code + in the SPL. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM
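
Review bot: The help text of the new SPL_RSA_VERIFY_WITH_PKEY entry is carried over from RSA_VERIFY_WITH_PKEY and does not describe the SPL case: it gives "particularly UEFI secure boot" as the motivation, while the series this patch belongs to is "image: add a stage pre-load". Suggest naming the SPL consumer that passes a public key in image_sign_info, and noting that the key properties are then computed at verification time instead of being read from the FDT, so the help should say where that key is expected to come from. Two wording fixes in the same block: "This options enables" should read "This option enables", and "in decrypting a signature" would be clearer as "in verifying a signature". On the select lines, SPL_ASYMMETRIC_KEY_TYPE, SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE and SPL_RSA_PUBLIC_KEY_PARSER are not defined anywhere in this hunk; please confirm they are introduced earlier in the series, and consider mentioning in the help that enabling this option adds the public key parser to SPL.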