From patchwork Wed Nov 13 00:47:26 2019
X-Patchwork-Submitter: AKASHI Takahiro
X-Patchwork-Id: 1193934
X-Patchwork-Delegate: trini@ti.com
From: AKASHI Takahiro
To: trini@konsulko.com, sjg@chromium.org, xypron.glpk@gmx.de, agraf@csgraf.de
Date: Wed, 13 Nov 2019 09:47:26 +0900
Message-Id: <20191113004730.30139-3-takahiro.akashi@linaro.org>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20191113004730.30139-1-takahiro.akashi@linaro.org>
References: <20191113004730.30139-1-takahiro.akashi@linaro.org>
Cc: u-boot@lists.denx.de, mail@patrick-wildt.de
Subject: [U-Boot] [PATCH v3 2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config

In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY, rsa_verify() will be extended to be able to perform RSA decryption without additional RSA key properties from FIT image, i.e. rr and n0inv.

Signed-off-by: AKASHI Takahiro
Reviewed-by: Simon Glass
---
 lib/rsa/Kconfig | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index 03ffa2969048..71e4c06bf883 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig 
@@ -30,6 +30,20 @@ config RSA_VERIFY help Add RSA signature verification support. +config RSA_VERIFY_WITH_PKEY + bool "Execute RSA verification without key parameters from FDT" + depends on RSA + help + The standard RSA-signature verification code (FIT_SIGNATURE) uses + pre-calculated key properties, that are stored in fdt blob, in + decrypting a signature. + This does not suit the use case where there is no way defined to + provide such additional key properties in standardized form, + particularly UEFI secure boot. + This options enables RSA signature verification with a public key + directly specified in image_sign_info, where all the necessary + key properties will be calculated on the fly in verification code. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM
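Review bot: In the new RSA_VERIFY_WITH_PKEY entry, "depends on RSA" looks too loose. The option is described as changing how RSA signature verification is done, yet as written it can be enabled while RSA_VERIFY (the entry just above it in the context lines) is off, which leaves a symbol that has no verification code to act on. Consider "depends on RSA_VERIFY" or "select RSA_VERIFY" instead. The help also says the key properties "will be calculated on the fly in verification code"; if that calculation needs any other library support, the matching select or depends line belongs in this entry once the code lands, so that a config with only this symbol set still builds a working verifier. Two wording nits in the help text: "This options enables" should be "This option enables", and "that are stored in fdt blob, in decrypting a signature" would read more clearly as "stored in the FDT blob, when verifying a signature". Since the public key now comes directly from image_sign_info rather than from the control FDT, it would also help to say in the help where that key is expected to come from and who is responsible for trusting it.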