Message ID | 20190906070808.1198-2-takahiro.akashi@linaro.org |
---|---|
State | RFC |
Delegated to: | Tom Rini |
Headers | show |
Series | rsa: extend rsa_verify() for UEFI secure boot | expand |
On 9/6/19 9:08 AM, AKASHI Takahiro wrote: > Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building > RSA functions from FIT verification and allow for adding a RSA-based > signature verification for other file formats, in particular PE file > for UEFI secure boot. > > Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > --- > lib/rsa/Kconfig | 7 +++++++ > lib/rsa/Makefile | 2 +- > 2 files changed, 8 insertions(+), 1 deletion(-) > > diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig > index 2b33f323bccc..338c8124da59 100644 > --- a/lib/rsa/Kconfig > +++ b/lib/rsa/Kconfig > @@ -1,5 +1,6 @@ > config RSA > bool "Use RSA Library" > + select RSA_VERIFY > select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX6 && !ARCH_MX5 > select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP > help > @@ -17,6 +18,12 @@ if RSA > > config SPL_RSA > bool "Use RSA Library within SPL" > + select RSA_VERIFY > + > +config RSA_VERIFY > + bool > + help > + Add RSA signature verification support. > > config RSA_SOFTWARE_EXP > bool "Enable driver for RSA Modular Exponentiation in software" > diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile > index a51c6e1685fb..226d8f3514a9 100644 > --- a/lib/rsa/Makefile > +++ b/lib/rsa/Makefile > @@ -5,5 +5,5 @@ > # (C) Copyright 2000-2007 > # Wolfgang Denk, DENX Software Engineering, wd@denx.de. > > -obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o > +obj-$(CONFIG_RSA_VERIFY) += rsa-verify.o rsa-checksum.o > obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o > pine64-lts_defconfig with CONFIG_RSA=y compiles fine without this patch. But with this patch: lib/rsa/rsa-verify.c:60:5: error: redefinition of ‘padding_pkcs_15_verify’ 60 | int padding_pkcs_15_verify(struct image_sign_info *info, | ^~~~~~~~~~~~~~~~~~~~~~ In file included from lib/rsa/rsa-verify.c:21: include/u-boot/rsa.h:118:19: note: previous definition of ‘padding_pkcs_15_verify’ was here 118 | static inline int padding_pkcs_15_verify(struct image_sign_info *info, | ^~~~~~~~~~~~~~~~~~~~~~ lib/rsa/rsa-verify.c:399:5: error: redefinition of ‘rsa_verify’ 399 | int rsa_verify(struct image_sign_info *info, | ^~~~~~~~~~ CC lib/efi_loader/efi_hii.o In file included from lib/rsa/rsa-verify.c:21: include/u-boot/rsa.h:111:19: note: previous definition of ‘rsa_verify’ was here 111 | static inline int rsa_verify(struct image_sign_info *info, | ^~~~~~~~~~ Best regards Heinrich
On Fri, Sep 06, 2019 at 09:39:05AM +0200, Heinrich Schuchardt wrote: > On 9/6/19 9:08 AM, AKASHI Takahiro wrote: > >Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building > >RSA functions from FIT verification and allow for adding a RSA-based > >signature verification for other file formats, in particular PE file > >for UEFI secure boot. > > > >Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> > >--- > > lib/rsa/Kconfig | 7 +++++++ > > lib/rsa/Makefile | 2 +- > > 2 files changed, 8 insertions(+), 1 deletion(-) > > > >diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig > >index 2b33f323bccc..338c8124da59 100644 > >--- a/lib/rsa/Kconfig > >+++ b/lib/rsa/Kconfig > >@@ -1,5 +1,6 @@ > > config RSA > > bool "Use RSA Library" > >+ select RSA_VERIFY > > select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX6 && !ARCH_MX5 > > select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP > > help > >@@ -17,6 +18,12 @@ if RSA > > > > config SPL_RSA > > bool "Use RSA Library within SPL" > >+ select RSA_VERIFY > >+ > >+config RSA_VERIFY > >+ bool > >+ help > >+ Add RSA signature verification support. > > > > config RSA_SOFTWARE_EXP > > bool "Enable driver for RSA Modular Exponentiation in software" > >diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile > >index a51c6e1685fb..226d8f3514a9 100644 > >--- a/lib/rsa/Makefile > >+++ b/lib/rsa/Makefile > >@@ -5,5 +5,5 @@ > > # (C) Copyright 2000-2007 > > # Wolfgang Denk, DENX Software Engineering, wd@denx.de. > > > >-obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o > >+obj-$(CONFIG_RSA_VERIFY) += rsa-verify.o rsa-checksum.o > > obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o > > > > pine64-lts_defconfig with CONFIG_RSA=y > compiles fine without this patch. But with this patch: Right. It seems that include/image.h will also have to be modified. Thanks, -Takahiro Akashi > lib/rsa/rsa-verify.c:60:5: error: redefinition of ‘padding_pkcs_15_verify’ > 60 | int padding_pkcs_15_verify(struct image_sign_info *info, > | ^~~~~~~~~~~~~~~~~~~~~~ > In file included from lib/rsa/rsa-verify.c:21: > include/u-boot/rsa.h:118:19: note: previous definition of > ‘padding_pkcs_15_verify’ was here > 118 | static inline int padding_pkcs_15_verify(struct image_sign_info > *info, > | ^~~~~~~~~~~~~~~~~~~~~~ > lib/rsa/rsa-verify.c:399:5: error: redefinition of ‘rsa_verify’ > 399 | int rsa_verify(struct image_sign_info *info, > | ^~~~~~~~~~ > CC lib/efi_loader/efi_hii.o > In file included from lib/rsa/rsa-verify.c:21: > include/u-boot/rsa.h:111:19: note: previous definition of ‘rsa_verify’ > was here > 111 | static inline int rsa_verify(struct image_sign_info *info, > | ^~~~~~~~~~ > > Best regards > > Heinrich
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 2b33f323bccc..338c8124da59 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -1,5 +1,6 @@ config RSA bool "Use RSA Library" + select RSA_VERIFY select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX6 && !ARCH_MX5 select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP help @@ -17,6 +18,12 @@ if RSA config SPL_RSA bool "Use RSA Library within SPL" + select RSA_VERIFY + +config RSA_VERIFY + bool + help + Add RSA signature verification support. config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile index a51c6e1685fb..226d8f3514a9 100644 --- a/lib/rsa/Makefile +++ b/lib/rsa/Makefile @@ -5,5 +5,5 @@ # (C) Copyright 2000-2007 # Wolfgang Denk, DENX Software Engineering, wd@denx.de. -obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o +obj-$(CONFIG_RSA_VERIFY) += rsa-verify.o rsa-checksum.o obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building RSA functions from FIT verification and allow for adding a RSA-based signature verification for other file formats, in particular PE file for UEFI secure boot. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> --- lib/rsa/Kconfig | 7 +++++++ lib/rsa/Makefile | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-)