From patchwork Mon Jan 11 15:41:37 2021
X-Patchwork-Submitter: "Alex G."
X-Patchwork-Id: 1424693
X-Patchwork-Delegate: patrick.delaunay73@gmail.com
From: Alexandru Gagniuc
To: u-boot@lists.denx.de, sjg@chromium.org
Cc: Alexandru Gagniuc, trini@konsulko.com, marex@denx.de
Subject: [PATCH 5/5] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY
Date: Mon, 11 Jan 2021 09:41:37 -0600
Message-Id: <20210111154137.621732-6-mr.nuke.me@gmail.com>
In-Reply-To: <20210111154137.621732-1-mr.nuke.me@gmail.com>
References: <20210111154137.621732-1-mr.nuke.me@gmail.com>

FIT signatures can now be implemented with ECDSA. The assumption that all
FIT images are signed with RSA is no longer valid. Thus, instead of
'select'ing RSA, only 'imply' it. This doesn't change the defaults, but
allows one to explicitly disable RSA support.

Signed-off-by: Alexandru Gagniuc
Reviewed-by: Simon Glass
--- common/Kconfig.boot | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 3f6d9c1a25..280476698d 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot
@@ -67,8 +67,8 @@ config FIT_SIGNATURE bool "Enable signature verification of FIT uImages" depends on DM select HASH - select RSA - select RSA_VERIFY + imply RSA + imply RSA_VERIFY select IMAGE_SIGN_INFO help This option enables signature verification of FIT uImages, @@ -159,8 +159,8 @@ config SPL_FIT_SIGNATURE select SPL_FIT select SPL_CRYPTO_SUPPORT select SPL_HASH_SUPPORT - select SPL_RSA - select SPL_RSA_VERIFY + imply SPL_RSA + imply SPL_RSA_VERIFY select SPL_IMAGE_SIGN_INFO config SPL_LOAD_FIT
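Review bot: In the first hunk (config FIT_SIGNATURE), once `select RSA_VERIFY` becomes `imply RSA_VERIFY`, nothing in the visible lines keeps at least one signature algorithm enabled, so as far as these lines show, FIT_SIGNATURE=y with RSA_VERIFY=n is accepted whether or not an ECDSA verifier is configured. Consider a Kconfig constraint or a build-time check that rejects FIT_SIGNATURE with no verification algorithm enabled. The help text ("This option enables signature verification of FIT uImages, ...") should also say that RSA is now a default rather than a requirement.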
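Review bot: In the second hunk (config SPL_FIT_SIGNATURE), `imply SPL_RSA` and `imply SPL_RSA_VERIFY` make RSA optional in SPL, but the visible lines name no SPL-side ECDSA option that could take its place. Please state in the commit message whether ECDSA verification is available in SPL. If it is not yet, keep `select SPL_RSA_VERIFY` here so that a build with SPL_FIT_SIGNATURE=y cannot end up without a verifier for the image it loads.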