[U-Boot,v3,2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config

Message ID	20191113004730.30139-3-takahiro.akashi@linaro.org
State	Superseded
Delegated to:	Tom Rini
Headers	show Return-Path: <u-boot-bounces@lists.denx.de> From: AKASHI Takahiro <takahiro.akashi@linaro.org> To: trini@konsulko.com, sjg@chromium.org, xypron.glpk@gmx.de, agraf@csgraf.de Date: Wed, 13 Nov 2019 09:47:26 +0900 Message-Id: <20191113004730.30139-3-takahiro.akashi@linaro.org> In-Reply-To: <20191113004730.30139-1-takahiro.akashi@linaro.org> References: <20191113004730.30139-1-takahiro.akashi@linaro.org> MIME-Version: 1.0 Cc: u-boot@lists.denx.de, mail@patrick-wildt.de Subject: [U-Boot] [PATCH v3 2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
Series	rsa: extend rsa_verify() for UEFI secure boot \| expand [U-Boot,v3,0/6] rsa: extend rsa_verify() for UEFI secure boot [U-Boot,v3,1/6] lib: rsa: decouple rsa from FIT image verification [U-Boot,v3,2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config [U-Boot,v3,3/6] include: image.h: add key info to image_sign_info [U-Boot,v3,4/6] lib: rsa: generate additional parameters for public key [U-Boot,v3,5/6] lib: rsa: add rsa_verify_with_pkey() [U-Boot,v3,6/6] test: add rsa_verify() unit test

Message ID

20191113004730.30139-3-takahiro.akashi@linaro.org

State

Superseded

Delegated to:

Tom Rini

Headers

From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: trini@konsulko.com, sjg@chromium.org, xypron.glpk@gmx.de, agraf@csgraf.de
Date: Wed, 13 Nov 2019 09:47:26 +0900
Message-Id: <20191113004730.30139-3-takahiro.akashi@linaro.org>
In-Reply-To: <20191113004730.30139-1-takahiro.akashi@linaro.org>
References: <20191113004730.30139-1-takahiro.akashi@linaro.org>
MIME-Version: 1.0
Cc: u-boot@lists.denx.de, mail@patrick-wildt.de
Subject: [U-Boot] [PATCH v3 2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Series

rsa: extend rsa_verify() for UEFI secure boot | expand

Commit Message

AKASHI Takahiro Nov. 13, 2019, 12:47 a.m. UTC

In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
rsa_verify() will be extended to be able to perform RSA decryption without
additional RSA key properties from FIT image, i.e. rr and n0inv.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
---
 lib/rsa/Kconfig | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

Comments

Simon Glass Nov. 20, 2019, 2:59 a.m. UTC | #1

On Tue, 12 Nov 2019 at 16:47, AKASHI Takahiro
<takahiro.akashi@linaro.org> wrote:
>
> In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
> rsa_verify() will be extended to be able to perform RSA decryption without
> additional RSA key properties from FIT image, i.e. rr and n0inv.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> ---
>  lib/rsa/Kconfig | 14 ++++++++++++++
>  1 file changed, 14 insertions(+)

Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index 03ffa2969048..71e4c06bf883 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -30,6 +30,20 @@  config RSA_VERIFY
 	help
 	  Add RSA signature verification support.
 
+config RSA_VERIFY_WITH_PKEY
+	bool "Execute RSA verification without key parameters from FDT"
+	depends on RSA
+	help
+	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
+	  pre-calculated key properties, that are stored in fdt blob, in
+	  decrypting a signature.
+	  This does not suit the use case where there is no way defined to
+	  provide such additional key properties in standardized form,
+	  particularly UEFI secure boot.
+	  This options enables RSA signature verification with a public key
+	  directly specified in image_sign_info, where all the necessary
+	  key properties will be calculated on the fly in verification code.
+
 config RSA_SOFTWARE_EXP
 	bool "Enable driver for RSA Modular Exponentiation in software"
 	depends on DM

[U-Boot,v3,2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config

Commit Message

Comments

Patch