
[U-Boot,v4,2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config

Message ID 20191121001121.21854-3-takahiro.akashi@linaro.org
State Changes Requested
Delegated to: Tom Rini
Series rsa: extend rsa_verify() for UEFI secure boot

Commit Message

Takahiro Akashi Nov. 21, 2019, 12:11 a.m. UTC
In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
rsa_verify() will be extended to be able to perform RSA decryption without
additional RSA key properties from FIT image, i.e. rr and n0inv.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 lib/rsa/Kconfig | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

Comments

Heinrich Schuchardt Jan. 8, 2020, 12:35 p.m. UTC | #1
On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
> In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
> rsa_verify() will be extended to be able to perform RSA decryption without
> additional RSA key properties from FIT image, i.e. rr and n0inv.
>
> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> Reviewed-by: Simon Glass <sjg@chromium.org>

The patch series does not build for some configurations.

> ---
>   lib/rsa/Kconfig | 14 ++++++++++++++
>   1 file changed, 14 insertions(+)
>
> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> index 03ffa2969048..71e4c06bf883 100644
> --- a/lib/rsa/Kconfig
> +++ b/lib/rsa/Kconfig
> @@ -30,6 +30,20 @@ config RSA_VERIFY
>   	help
>   	  Add RSA signature verification support.
>
> +config RSA_VERIFY_WITH_PKEY

For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
I get an error:

lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key'

RSA_PUBLIC_KEY_PARSER depends on
ASYMMETRIC_KEY_TYPE [=n] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n]

Please, fix the dependencies.

Best regards

Heinrich

> +	bool "Execute RSA verification without key parameters from FDT"
> +	depends on RSA
> +	help
> +	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
> +	  pre-calculated key properties, that are stored in fdt blob, in
> +	  decrypting a signature.
> +	  This does not suit the use case where there is no way defined to
> +	  provide such additional key properties in standardized form,
> +	  particularly UEFI secure boot.
> +	  This options enables RSA signature verification with a public key
> +	  directly specified in image_sign_info, where all the necessary
> +	  key properties will be calculated on the fly in verification code.
> +
>   config RSA_SOFTWARE_EXP
>   	bool "Enable driver for RSA Modular Exponentiation in software"
>   	depends on DM
>
Takahiro Akashi Jan. 14, 2020, 7:45 a.m. UTC | #2
On Wed, Jan 08, 2020 at 01:35:13PM +0100, Heinrich Schuchardt wrote:
> On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
> >In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
> >rsa_verify() will be extended to be able to perform RSA decryption without
> >additional RSA key properties from FIT image, i.e. rr and n0inv.
> >
> >Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> >Reviewed-by: Simon Glass <sjg@chromium.org>
> 
> The patch series does not build for some configurations.
> 
> >---
> >  lib/rsa/Kconfig | 14 ++++++++++++++
> >  1 file changed, 14 insertions(+)
> >
> >diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> >index 03ffa2969048..71e4c06bf883 100644
> >--- a/lib/rsa/Kconfig
> >+++ b/lib/rsa/Kconfig
> >@@ -30,6 +30,20 @@ config RSA_VERIFY
> >  	help
> >  	  Add RSA signature verification support.
> >
> >+config RSA_VERIFY_WITH_PKEY
> 
> For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
> I get an error:

This error is inevitable as both RSA_VERIFY_WITH_PKEY and
RSA_PUBLIC_KEY_PARSER are "select"able configurations with
visible prompts and then
we should generally avoid potential illegal configurations;
The one should NOT forcibly select the other as the kernel kconfig
document suggests.

#  Note:
#        select should be used with care. select will force
#        a symbol to a value without visiting the dependencies.
#        By abusing select you are able to select a symbol FOO even
#        if FOO depends on BAR that is not set.
#        In general use select only for non-visible symbols
#        (no prompts anywhere) and for symbols with no dependencies.
#        That will limit the usefulness but on the other hand avoid
#        the illegal configurations all over.

-Takahiro Akashi


> lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key'
> 
> RSA_PUBLIC_KEY_PARSER depends on
> ASYMMETRIC_KEY_TYPE [=n] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n]
> 
> Please, fix the dependencies.
> 
> Best regards
> 
> Heinrich
> 
> >+	bool "Execute RSA verification without key parameters from FDT"
> >+	depends on RSA
> >+	help
> >+	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
> >+	  pre-calculated key properties, that are stored in fdt blob, in
> >+	  decrypting a signature.
> >+	  This does not suit the use case where there is no way defined to
> >+	  provide such additional key properties in standardized form,
> >+	  particularly UEFI secure boot.
> >+	  This options enables RSA signature verification with a public key
> >+	  directly specified in image_sign_info, where all the necessary
> >+	  key properties will be calculated on the fly in verification code.
> >+
> >  config RSA_SOFTWARE_EXP
> >  	bool "Enable driver for RSA Modular Exponentiation in software"
> >  	depends on DM
> >
Heinrich Schuchardt Jan. 14, 2020, 11:43 a.m. UTC | #3
On 1/14/20 8:45 AM, AKASHI Takahiro wrote:
> On Wed, Jan 08, 2020 at 01:35:13PM +0100, Heinrich Schuchardt wrote:
>> On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
>>> In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
>>> rsa_verify() will be extended to be able to perform RSA decryption without
>>> additional RSA key properties from FIT image, i.e. rr and n0inv.
>>>
>>> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
>>> Reviewed-by: Simon Glass <sjg@chromium.org>
>>
>> The patch series does not build for some configurations.
>>
>>> ---
>>>   lib/rsa/Kconfig | 14 ++++++++++++++
>>>   1 file changed, 14 insertions(+)
>>>
>>> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
>>> index 03ffa2969048..71e4c06bf883 100644
>>> --- a/lib/rsa/Kconfig
>>> +++ b/lib/rsa/Kconfig
>>> @@ -30,6 +30,20 @@ config RSA_VERIFY
>>>   	help
>>>   	  Add RSA signature verification support.
>>>
>>> +config RSA_VERIFY_WITH_PKEY
>>
>> For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
>> I get an error:
>
> This error is inevitable as both RSA_VERIFY_WITH_PKEY and
> RSA_PUBLIC_KEY_PARSER are "select"able configurations with
> visible prompts and then

No, it is not inevitable. Just ensure that in the Makefiles all modules
are selected that you need for your configuration.

> we should generally avoid potential illegal configurations;

Yes, we want to avoid potentially illegal configurations everywhere.
This is why we have a randconfig build target.

Best regards

Heinrich

> The one should NOT forcibly select the other as the kernel kconfig
> document suggests.
>
> #  Note:
> #        select should be used with care. select will force
> #        a symbol to a value without visiting the dependencies.
> #        By abusing select you are able to select a symbol FOO even
> #        if FOO depends on BAR that is not set.
> #        In general use select only for non-visible symbols
> #        (no prompts anywhere) and for symbols with no dependencies.
> #        That will limit the usefulness but on the other hand avoid
> #        the illegal configurations all over.
>
> -Takahiro Akashi
>
>
>> lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key'
>>
>> RSA_PUBLIC_KEY_PARSER depends on
>> ASYMMETRIC_KEY_TYPE [=n] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n]
>>
>> Please, fix the dependencies.
>>
>> Best regards
>>
>> Heinrich
>>
>>> +	bool "Execute RSA verification without key parameters from FDT"
>>> +	depends on RSA
>>> +	help
>>> +	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
>>> +	  pre-calculated key properties, that are stored in fdt blob, in
>>> +	  decrypting a signature.
>>> +	  This does not suit the use case where there is no way defined to
>>> +	  provide such additional key properties in standardized form,
>>> +	  particularly UEFI secure boot.
>>> +	  This options enables RSA signature verification with a public key
>>> +	  directly specified in image_sign_info, where all the necessary
>>> +	  key properties will be calculated on the fly in verification code.
>>> +
>>>   config RSA_SOFTWARE_EXP
>>>   	bool "Enable driver for RSA Modular Exponentiation in software"
>>>   	depends on DM
>>>
>
Takahiro Akashi Jan. 17, 2020, 2:24 a.m. UTC | #4
On Tue, Jan 14, 2020 at 12:43:40PM +0100, Heinrich Schuchardt wrote:
> On 1/14/20 8:45 AM, AKASHI Takahiro wrote:
> >On Wed, Jan 08, 2020 at 01:35:13PM +0100, Heinrich Schuchardt wrote:
> >>On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
> >>>In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
> >>>rsa_verify() will be extended to be able to perform RSA decryption without
> >>>additional RSA key properties from FIT image, i.e. rr and n0inv.
> >>>
> >>>Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> >>>Reviewed-by: Simon Glass <sjg@chromium.org>
> >>
> >>The patch series does not build for some configurations.
> >>
> >>>---
> >>>  lib/rsa/Kconfig | 14 ++++++++++++++
> >>>  1 file changed, 14 insertions(+)
> >>>
> >>>diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> >>>index 03ffa2969048..71e4c06bf883 100644
> >>>--- a/lib/rsa/Kconfig
> >>>+++ b/lib/rsa/Kconfig
> >>>@@ -30,6 +30,20 @@ config RSA_VERIFY
> >>>  	help
> >>>  	  Add RSA signature verification support.
> >>>
> >>>+config RSA_VERIFY_WITH_PKEY
> >>
> >>For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
> >>I get an error:
> >
> >This error is inevitable as both RSA_VERIFY_WITH_PKEY and
> >RSA_PUBLIC_KEY_PARSER are "select"able configurations with
> >visible prompts and then
> 
> No, it is not inevitable. Just ensure that in the Makefiles all modules
> are selected that you need for your configuration.

How?
Can you please show me a simple solution?

Thanks,
-Takahiro Akashi


> >we should generally avoid potential illegal configurations;
> 
> Yes, we want to avoid potentially illegal configurations everywhere.
> This is why we have a randconfig build target.
> 
> Best regards
> 
> Heinrich
> 
> >The one should NOT forcibly select the other as the kernel kconfig
> >document suggests.
> >
> >#  Note:
> >#        select should be used with care. select will force
> >#        a symbol to a value without visiting the dependencies.
> >#        By abusing select you are able to select a symbol FOO even
> >#        if FOO depends on BAR that is not set.
> >#        In general use select only for non-visible symbols
> >#        (no prompts anywhere) and for symbols with no dependencies.
> >#        That will limit the usefulness but on the other hand avoid
> >#        the illegal configurations all over.
> >
> >-Takahiro Akashi
> >
> >
> >>lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key'
> >>
> >>RSA_PUBLIC_KEY_PARSER depends on
> >>ASYMMETRIC_KEY_TYPE [=n] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n]
> >>
> >>Please, fix the dependencies.
> >>
> >>Best regards
> >>
> >>Heinrich
> >>
> >>>+	bool "Execute RSA verification without key parameters from FDT"
> >>>+	depends on RSA
> >>>+	help
> >>>+	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
> >>>+	  pre-calculated key properties, that are stored in fdt blob, in
> >>>+	  decrypting a signature.
> >>>+	  This does not suit the use case where there is no way defined to
> >>>+	  provide such additional key properties in standardized form,
> >>>+	  particularly UEFI secure boot.
> >>>+	  This options enables RSA signature verification with a public key
> >>>+	  directly specified in image_sign_info, where all the necessary
> >>>+	  key properties will be calculated on the fly in verification code.
> >>>+
> >>>  config RSA_SOFTWARE_EXP
> >>>  	bool "Enable driver for RSA Modular Exponentiation in software"
> >>>  	depends on DM
> >>>
> >
>
Heinrich Schuchardt Jan. 17, 2020, 5:59 a.m. UTC | #5
On 1/17/20 3:24 AM, AKASHI Takahiro wrote:
> On Tue, Jan 14, 2020 at 12:43:40PM +0100, Heinrich Schuchardt wrote:
>> On 1/14/20 8:45 AM, AKASHI Takahiro wrote:
>>> On Wed, Jan 08, 2020 at 01:35:13PM +0100, Heinrich Schuchardt wrote:
>>>> On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
>>>>> In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
>>>>> rsa_verify() will be extended to be able to perform RSA decryption without
>>>>> additional RSA key properties from FIT image, i.e. rr and n0inv.
>>>>>
>>>>> Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
>>>>> Reviewed-by: Simon Glass <sjg@chromium.org>
>>>>
>>>> The patch series does not build for some configurations.
>>>>
>>>>> ---
>>>>>   lib/rsa/Kconfig | 14 ++++++++++++++
>>>>>   1 file changed, 14 insertions(+)
>>>>>
>>>>> diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
>>>>> index 03ffa2969048..71e4c06bf883 100644
>>>>> --- a/lib/rsa/Kconfig
>>>>> +++ b/lib/rsa/Kconfig
>>>>> @@ -30,6 +30,20 @@ config RSA_VERIFY
>>>>>   	help
>>>>>   	  Add RSA signature verification support.
>>>>>
>>>>> +config RSA_VERIFY_WITH_PKEY
>>>>
>>>> For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
>>>> I get an error:
>>>
>>> This error is inevitable as both RSA_VERIFY_WITH_PKEY and
>>> RSA_PUBLIC_KEY_PARSER are "select"able configurations with
>>> visible prompts and then
>>
>> No, it is not inevitable. Just ensure that in the Makefiles all modules
>> are selected that you need for your configuration.
>
> How?
> Can you please show me a simple solution?

ifneq ($(CONFIG_RSA_VERIFY_WITH_PKEY)$(CONFIG_RSA_PUBLIC_KEY_PARSER),)
obj-y += foo.o
endif

or

config RSA_VERIFY_WITH_PKEY
	depends on RSA_PUBLIC_KEY_PARSER

or

config RSA_VERIFY_WITH_PKEY
	select RSA_PUBLIC_KEY_PARSER

Best regards

Heinrich

>
> Thanks,
> -Takahiro Akashi
>
>
>>> we should generally avoid potential illegal configurations;
>>
>> Yes, we want to avoid potentially illegal configurations everywhere.
>> This is why we have a randconfig build target.
>>
>> Best regards
>>
>> Heinrich
>>
>>> The one should NOT forcibly select the other as the kernel kconfig
>>> document suggests.
>>>
>>> #  Note:
>>> #        select should be used with care. select will force
>>> #        a symbol to a value without visiting the dependencies.
>>> #        By abusing select you are able to select a symbol FOO even
>>> #        if FOO depends on BAR that is not set.
>>> #        In general use select only for non-visible symbols
>>> #        (no prompts anywhere) and for symbols with no dependencies.
>>> #        That will limit the usefulness but on the other hand avoid
>>> #        the illegal configurations all over.
>>>
>>> -Takahiro Akashi
>>>
>>>
>>>> lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key'
>>>>
>>>> RSA_PUBLIC_KEY_PARSER depends on
>>>> ASYMMETRIC_KEY_TYPE [=n] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n]
>>>>
>>>> Please, fix the dependencies.
>>>>
>>>> Best regards
>>>>
>>>> Heinrich
>>>>
>>>>> +	bool "Execute RSA verification without key parameters from FDT"
>>>>> +	depends on RSA
>>>>> +	help
>>>>> +	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
>>>>> +	  pre-calculated key properties, that are stored in fdt blob, in
>>>>> +	  decrypting a signature.
>>>>> +	  This does not suit the use case where there is no way defined to
>>>>> +	  provide such additional key properties in standardized form,
>>>>> +	  particularly UEFI secure boot.
>>>>> +	  This options enables RSA signature verification with a public key
>>>>> +	  directly specified in image_sign_info, where all the necessary
>>>>> +	  key properties will be calculated on the fly in verification code.
>>>>> +
>>>>>   config RSA_SOFTWARE_EXP
>>>>>   	bool "Enable driver for RSA Modular Exponentiation in software"
>>>>>   	depends on DM
>>>>>
>>>
>>
>
Takahiro Akashi Jan. 21, 2020, 4:29 a.m. UTC | #6
Tom, Simon,

On Fri, Jan 17, 2020 at 06:59:44AM +0100, Heinrich Schuchardt wrote:
> On 1/17/20 3:24 AM, AKASHI Takahiro wrote:
> >On Tue, Jan 14, 2020 at 12:43:40PM +0100, Heinrich Schuchardt wrote:
> >>On 1/14/20 8:45 AM, AKASHI Takahiro wrote:
> >>>On Wed, Jan 08, 2020 at 01:35:13PM +0100, Heinrich Schuchardt wrote:
> >>>>On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
> >>>>>In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
> >>>>>rsa_verify() will be extended to be able to perform RSA decryption without
> >>>>>additional RSA key properties from FIT image, i.e. rr and n0inv.
> >>>>>
> >>>>>Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> >>>>>Reviewed-by: Simon Glass <sjg@chromium.org>
> >>>>
> >>>>The patch series does not build for some configurations.
> >>>>
> >>>>>---
> >>>>>  lib/rsa/Kconfig | 14 ++++++++++++++
> >>>>>  1 file changed, 14 insertions(+)
> >>>>>
> >>>>>diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> >>>>>index 03ffa2969048..71e4c06bf883 100644
> >>>>>--- a/lib/rsa/Kconfig
> >>>>>+++ b/lib/rsa/Kconfig
> >>>>>@@ -30,6 +30,20 @@ config RSA_VERIFY
> >>>>>  	help
> >>>>>  	  Add RSA signature verification support.
> >>>>>
> >>>>>+config RSA_VERIFY_WITH_PKEY
> >>>>
> >>>>For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
> >>>>I get an error:
> >>>
> >>>This error is inevitable as both RSA_VERIFY_WITH_PKEY and
> >>>RSA_PUBLIC_KEY_PARSER are "select"able configurations with
> >>>visible prompts and then
> >>
> >>No, it is not inevitable. Just ensure that in the Makefiles all modules
> >>are selected that you need for your configuration.
> >
> >How?
> >Can you please show me a simple solution?
> 

Which is your choice as a maintainer/author of lib/rsa?

In my opinion,

> ifneq ($(CONFIG_RSA_VERIFY_WITH_PKEY)$(CONFIG_RSA_PUBLIC_KEY_PARSER),)
> obj-y += foo.o
> endif

I will take this by a process of elimination.

> or
> 
> config RSA_VERIFY_WITH_PKEY
> 	depends on RSA_PUBLIC_KEY_PARSER

I normally use "depends on" to select a subset feature of the target.

> or
> 
> config RSA_VERIFY_WITH_PKEY
> 	select RSA_PUBLIC_KEY_PARSER

Nak, as I said, because RSA_PUBLIC_KEY_PARSER is a visible configuration symbol.

Thanks,
-Takahiro Akashi

> Best regards
> 
> Heinrich
> 
> >
> >Thanks,
> >-Takahiro Akashi
> >
> >
> >>>we should generally avoid potential illegal configurations;
> >>
> >>Yes, we want to avoid potentially illegal configurations everywhere.
> >>This is why we have a randconfig build target.
> >>
> >>Best regards
> >>
> >>Heinrich
> >>
> >>>The one should NOT forcibly select the other as the kernel kconfig
> >>>document suggests.
> >>>
> >>>#  Note:
> >>>#        select should be used with care. select will force
> >>>#        a symbol to a value without visiting the dependencies.
> >>>#        By abusing select you are able to select a symbol FOO even
> >>>#        if FOO depends on BAR that is not set.
> >>>#        In general use select only for non-visible symbols
> >>>#        (no prompts anywhere) and for symbols with no dependencies.
> >>>#        That will limit the usefulness but on the other hand avoid
> >>>#        the illegal configurations all over.
> >>>
> >>>-Takahiro Akashi
> >>>
> >>>
> >>>>lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key'
> >>>>
> >>>>RSA_PUBLIC_KEY_PARSER depends on
> >>>>ASYMMETRIC_KEY_TYPE [=n] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n]
> >>>>
> >>>>Please, fix the dependencies.
> >>>>
> >>>>Best regards
> >>>>
> >>>>Heinrich
> >>>>
> >>>>>+	bool "Execute RSA verification without key parameters from FDT"
> >>>>>+	depends on RSA
> >>>>>+	help
> >>>>>+	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
> >>>>>+	  pre-calculated key properties, that are stored in fdt blob, in
> >>>>>+	  decrypting a signature.
> >>>>>+	  This does not suit the use case where there is no way defined to
> >>>>>+	  provide such additional key properties in standardized form,
> >>>>>+	  particularly UEFI secure boot.
> >>>>>+	  This options enables RSA signature verification with a public key
> >>>>>+	  directly specified in image_sign_info, where all the necessary
> >>>>>+	  key properties will be calculated on the fly in verification code.
> >>>>>+
> >>>>>  config RSA_SOFTWARE_EXP
> >>>>>  	bool "Enable driver for RSA Modular Exponentiation in software"
> >>>>>  	depends on DM
> >>>>>
> >>>
> >>
> >
>
Tom Rini Jan. 21, 2020, 3:34 p.m. UTC | #7
On Tue, Jan 21, 2020 at 01:29:58PM +0900, AKASHI Takahiro wrote:
> Tom, Simon,
> 
> On Fri, Jan 17, 2020 at 06:59:44AM +0100, Heinrich Schuchardt wrote:
> > On 1/17/20 3:24 AM, AKASHI Takahiro wrote:
> > >On Tue, Jan 14, 2020 at 12:43:40PM +0100, Heinrich Schuchardt wrote:
> > >>On 1/14/20 8:45 AM, AKASHI Takahiro wrote:
> > >>>On Wed, Jan 08, 2020 at 01:35:13PM +0100, Heinrich Schuchardt wrote:
> > >>>>On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
> > >>>>>In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
> > >>>>>rsa_verify() will be extended to be able to perform RSA decryption without
> > >>>>>additional RSA key properties from FIT image, i.e. rr and n0inv.
> > >>>>>
> > >>>>>Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > >>>>>Reviewed-by: Simon Glass <sjg@chromium.org>
> > >>>>
> > >>>>The patch series does not build for some configurations.
> > >>>>
> > >>>>>---
> > >>>>>  lib/rsa/Kconfig | 14 ++++++++++++++
> > >>>>>  1 file changed, 14 insertions(+)
> > >>>>>
> > >>>>>diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> > >>>>>index 03ffa2969048..71e4c06bf883 100644
> > >>>>>--- a/lib/rsa/Kconfig
> > >>>>>+++ b/lib/rsa/Kconfig
> > >>>>>@@ -30,6 +30,20 @@ config RSA_VERIFY
> > >>>>>  	help
> > >>>>>  	  Add RSA signature verification support.
> > >>>>>
> > >>>>>+config RSA_VERIFY_WITH_PKEY
> > >>>>
> > >>>>For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
> > >>>>I get an error:
> > >>>
> > >>>This error is inevitable as both RSA_VERIFY_WITH_PKEY and
> > >>>RSA_PUBLIC_KEY_PARSER are "select"able configurations with
> > >>>visible prompts and then
> > >>
> > >>No, it is not inevitable. Just ensure that in the Makefiles all modules
> > >>are selected that you need for your configuration.
> > >
> > >How?
> > >Can you please show me a simple solution?
> > 
> 
> Which is your choice as a maintainer/author of lib/rsa?
> 
> In my opinion,
> 
> > ifneq ($(CONFIG_RSA_VERIFY_WITH_PKEY)$(CONFIG_RSA_PUBLIC_KEY_PARSER),)
> > obj-y += foo.o
> > endif
> 
> I will take this by a process of elimination.
> 
> > or
> > 
> > config RSA_VERIFY_WITH_PKEY
> > 	depends on RSA_PUBLIC_KEY_PARSER
> 
> I normally use "depends on" to select a subset feature of the target.
> 
> > or
> > 
> > config RSA_VERIFY_WITH_PKEY
> > 	select RSA_PUBLIC_KEY_PARSER
> 
> Nak, as I said, because RSA_PUBLIC_KEY_PARSER is a visible configuration symbol.

This is getting a bit complicated.  So, if and only if
RSA_VERIFY_WITH_PKEY and RSA_PUBLIC_KEY_PARSER can be functional without
the other enabled:
obj-$(CONFIG_RSA_VERIFY_WITH_PKEY) += verify-with-pkey.o common-thing.o
obj-$(CONFIG_RSA_PUBLIC_KEY_PARSER) += public-key-parser.o common-thing.o
and we don't need to do anything extra with depends/select.  There's
nothing wrong with listing an object multiple times, it gets sorted
correctly.
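
The three outcomes argued over in this thread (the entry as posted, `depends on RSA_PUBLIC_KEY_PARSER`, and `select RSA_PUBLIC_KEY_PARSER`), worked through in a small model. This is an added example, not code from U-Boot or from any participant. It handles only `depends on` with `&&`-joined symbols and `select`; `BASE`, `LINK_NEEDS`, `REQUESTED` and `check()` are hypothetical names, and the link requirement is taken from the undefined reference reported above.

```python
import re

# Constructed Kconfig model: symbol names and the parser's dependencies are
# taken from the thread; prompts and the rest of lib/rsa/Kconfig are left out.
BASE = """
config RSA
	bool
config ASYMMETRIC_KEY_TYPE
	bool
config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
	bool
config RSA_PUBLIC_KEY_PARSER
	bool
	depends on ASYMMETRIC_KEY_TYPE && ASYMMETRIC_PUBLIC_KEY_SUBTYPE
"""
AS_POSTED = "config RSA_VERIFY_WITH_PKEY\n\tbool\n\tdepends on RSA\n"
WITH_DEPENDS = AS_POSTED + "\tdepends on RSA_PUBLIC_KEY_PARSER\n"
WITH_SELECT = AS_POSTED + "\tselect RSA_PUBLIC_KEY_PARSER\n"

# Link-time requirement implied by the reported undefined reference to
# rsa_parse_pub_key (hypothetical table, not something Kconfig knows about).
LINK_NEEDS = {"RSA_VERIFY_WITH_PKEY": "RSA_PUBLIC_KEY_PARSER"}

# The reported configuration: the user asks for these symbols and nothing else.
REQUESTED = {"RSA", "RSA_VERIFY_WITH_PKEY"}


def parse_kconfig(text):
    """Collect 'depends on' (&&-joined symbols only) and 'select' per symbol."""
    symbols, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"config (\w+)", line):
            cur = symbols.setdefault(m.group(1), {"depends": [], "selects": []})
        elif cur is not None and line.startswith("depends on "):
            expr = line[len("depends on "):]
            cur["depends"] += [s.strip() for s in expr.split("&&")]
        elif cur is not None and line.startswith("select "):
            cur["selects"].append(line.split()[1])
    return symbols


def evaluate(symbols, requested):
    """Return (enabled, forced). A requested symbol turns on only when all of
    its dependencies are on; a selected symbol turns on regardless, which is
    the behaviour the quoted kconfig note warns about."""
    enabled, changed = set(), True
    while changed:
        changed = False
        for name, sym in symbols.items():
            if name in enabled:
                continue
            deps_ok = all(d in enabled for d in sym["depends"])
            selected = any(name in symbols[o]["selects"] for o in enabled)
            if (name in requested and deps_ok) or selected:
                enabled.add(name)
                changed = True
    forced = {n for n in enabled
              if not all(d in enabled for d in symbols[n]["depends"])}
    return enabled, forced


def check(variant, requested=REQUESTED):
    """Evaluate one variant of the entry; also report unmet link requirements."""
    enabled, forced = evaluate(parse_kconfig(BASE + variant), requested)
    missing = {need for sym, need in LINK_NEEDS.items()
               if sym in enabled and need not in enabled}
    return enabled, forced, missing


if __name__ == "__main__":
    for label, variant in [("as posted", AS_POSTED),
                           ("depends on", WITH_DEPENDS),
                           ("select", WITH_SELECT)]:
        enabled, forced, missing = check(variant)
        print(f"{label:10} enabled={sorted(enabled)} "
              f"forced={sorted(forced)} link-missing={sorted(missing)}")
```
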

Patch

diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index 03ffa2969048..71e4c06bf883 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -30,6 +30,20 @@  config RSA_VERIFY
 	help
 	  Add RSA signature verification support.
 
+config RSA_VERIFY_WITH_PKEY
+	bool "Execute RSA verification without key parameters from FDT"
+	depends on RSA
+	help
+	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
+	  pre-calculated key properties, that are stored in fdt blob, in
+	  decrypting a signature.
+	  This does not suit the use case where there is no way defined to
+	  provide such additional key properties in standardized form,
+	  particularly UEFI secure boot.
+	  This options enables RSA signature verification with a public key
+	  directly specified in image_sign_info, where all the necessary
+	  key properties will be calculated on the fly in verification code.
+
 config RSA_SOFTWARE_EXP
 	bool "Enable driver for RSA Modular Exponentiation in software"
 	depends on DM
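
Review bot: the new `config RSA_VERIFY_WITH_PKEY` entry declares only `depends on RSA`, yet the thread reports that CONFIG_RSA_VERIFY_WITH_PKEY=y with CONFIG_RSA_PUBLIC_KEY_PARSER=n fails to link with an undefined reference to `rsa_parse_pub_key` from lib/rsa/rsa-keyprop.c, so the entry as written admits a configuration that cannot build. Either express the requirement in this entry (for example `depends on RSA_PUBLIC_KEY_PARSER`, one of the options raised in the discussion) or arrange the Makefile so the object providing that function is built whenever this option is enabled, and confirm with a randconfig build. Minor, in the help text: "This options enables" should read "This option enables".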