| Message ID | 20210111154137.621732-6-mr.nuke.me@gmail.com |
|---|---|
| State | Superseded |
| Delegated to: | Patrick Delaunay |
| Headers | show |
| Series | Enable ECDSA FIT verification for stm32mp | expand |
On Mon, 11 Jan 2021 at 08:41, Alexandru Gagniuc <mr.nuke.me@gmail.com> wrote: > > FIT signatures can now be implemented with ECDSA. The assumption that > all FIT images are signed with RSA is no longer valid. Thus, instead > of 'select'ing RSA, only 'imply' it. This doesn't change the defaults, > but allows one to explicitly disable RSA support. > > Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> > --- > common/Kconfig.boot | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) Reviewed-by: Simon Glass <sjg@chromium.org>
diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 3f6d9c1a25..280476698d 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -67,8 +67,8 @@ config FIT_SIGNATURE bool "Enable signature verification of FIT uImages" depends on DM select HASH - select RSA - select RSA_VERIFY + imply RSA + imply RSA_VERIFY select IMAGE_SIGN_INFO help This option enables signature verification of FIT uImages, @@ -159,8 +159,8 @@ config SPL_FIT_SIGNATURE select SPL_FIT select SPL_CRYPTO_SUPPORT select SPL_HASH_SUPPORT - select SPL_RSA - select SPL_RSA_VERIFY + imply SPL_RSA + imply SPL_RSA_VERIFY select SPL_IMAGE_SIGN_INFO config SPL_LOAD_FIT
FIT signatures can now be implemented with ECDSA. The assumption that all FIT images are signed with RSA is no longer valid. Thus, instead of 'select'ing RSA, only 'imply' it. This doesn't change the defaults, but allows one to explicitly disable RSA support. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> --- common/Kconfig.boot | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)