@@ -786,10 +786,6 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
{
int ret;
uint32_t key_len;
- struct key_prop prop;
-#if !defined(USE_HOSTCC)
- struct udevice *mod_exp_dev;
-#endif
ret = calc_esbchdr_esbc_hash(img);
if (ret)
return ret;
@@ -797,6 +793,14 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
/* Construct encoded hash EM' wrt PKCSv1.5 */
construct_img_encoded_hash_second(img);
+#if defined(CONFIG_SPL_BUILD) && !defined(CONFIG_SPL_DM)
+ ret = fsl_mod_exp_raw(img->img_sign, img->hdr.sign_len,
+ img->img_key, key_len, img->img_encoded_hash);
+#else
+ struct key_prop prop;
+#if !defined(USE_HOSTCC)
+ struct udevice *mod_exp_dev;
+#endif
/* Fill prop structure for public key */
memset(&prop, 0, sizeof(struct key_prop));
key_len = get_key_len(img) / 2;
@@ -813,6 +817,7 @@ static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
&prop, img->img_encoded_hash);
+#endif
if (ret)
return ret;
@@ -15,7 +15,34 @@
#include "jr.h"
#include "rsa_caam.h"
#include <u-boot/rsa-mod-exp.h>
+#include <fsl_validate.h>
+#if defined(CONFIG_SPL_BUILD) && !defined(CONFIG_SPL_DM)
+int fsl_mod_exp_raw(const uint8_t *sig, uint32_t sig_len,
+ uint8_t *rsa_pub_key, int keylen, uint8_t *out)
+{
+ struct pk_in_params pkin;
+ uint32_t *desc = malloc(sizeof(int) * MAX_CAAM_DESCSIZE);
+ int ret;
+
+ pkin.a = sig;
+ pkin.a_siz = sig_len;
+ pkin.n = rsa_pub_key;
+ pkin.n_siz = keylen;
+ pkin.e = rsa_pub_key + keylen;
+ pkin.e_siz = keylen;
+
+ inline_cnstr_jobdesc_pkha_rsaexp(desc, &pkin, out, sig_len);
+
+ ret = run_descriptor_jr(desc);
+ if (ret) {
+ debug("%s: RSA failed to verify: %d\n", __func__, ret);
+ return -EFAULT;
+ }
+
+ return 0;
+}
+#else
int fsl_mod_exp(struct udevice *dev, const uint8_t *sig, uint32_t sig_len,
struct key_prop *prop, uint8_t *out)
{
@@ -59,3 +86,4 @@ U_BOOT_DRIVER(fsl_rsa_mod_exp) = {
U_BOOT_DEVICE(fsl_rsa) = {
.name = "fsl_rsa_mod_exp",
};
+#endif