| Message ID | 20210416081038.725153-1-igor.opaniuk@gmail.com |
|---|---|
| State | RFC |
| Delegated to: | Tom Rini |
| Headers | show |
| Series | [RFC,v1] lib: rsa: introduce RSA_SOFTWARE_EXP_TINY | expand |
Hi Igor, On Fri, 16 Apr 2021 at 01:10, Igor Opaniuk <igor.opaniuk@foundries.io> wrote: > > From: Igor Opaniuk <igor.opaniuk@foundries.io> > > Introduce RSA_SOFTWARE_EXP_TINY Kconfig option, which does not require > DM to be enabled. This can be handy on devices, where SPL + signed > U-Boot FIT image setup is used, where it isn't possible to enable SPL_DM > mainly due to SRAM size constraits. > > For example, on iMX8MM with this option enabled and SPL_DM disabled > it's possible to save almost 11Kb: That seems a lot...do you have OF_PLATDATA enabled? > > With RSA_SOFTWARE_EXP_TINY enabled: > spl/u-boot-spl-nodtb.bin 99824 > > Without: > spl/u-boot-spl-nodtb.bin 111088 > > Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> > --- > > lib/rsa/Kconfig | 11 ++++++++++- > lib/rsa/rsa-verify.c | 8 ++++---- > 2 files changed, 14 insertions(+), 5 deletions(-) Regards, Simon
Hi Simon, On Thu, Apr 29, 2021 at 7:10 PM Simon Glass <sjg@chromium.org> wrote: > > Hi Igor, > > On Fri, 16 Apr 2021 at 01:10, Igor Opaniuk <igor.opaniuk@foundries.io> wrote: > > > > From: Igor Opaniuk <igor.opaniuk@foundries.io> > > > > Introduce RSA_SOFTWARE_EXP_TINY Kconfig option, which does not require > > DM to be enabled. This can be handy on devices, where SPL + signed > > U-Boot FIT image setup is used, where it isn't possible to enable SPL_DM > > mainly due to SRAM size constraits. > > > > For example, on iMX8MM with this option enabled and SPL_DM disabled > > it's possible to save almost 11Kb: > > That seems a lot...do you have OF_PLATDATA enabled? Nope, it's not enabled. I've managed to get these numbers when experimenting with NXP U-Boot fork, which is based on 2020.04. I also checked a while ago iMX6ULL mainline U-Boot with this patch, and size decrease was around 4-5 Kb, which basically is also not bad (considering 64Kb SPL size limitation for this SoC). > > > > > With RSA_SOFTWARE_EXP_TINY enabled: > > spl/u-boot-spl-nodtb.bin 99824 > > > > Without: > > spl/u-boot-spl-nodtb.bin 111088 > > > > Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> > > --- > > > > lib/rsa/Kconfig | 11 ++++++++++- > > lib/rsa/rsa-verify.c | 8 ++++---- > > 2 files changed, 14 insertions(+), 5 deletions(-) > > Regards, > Simon Thanks
Hi Igor, On Wed, 5 May 2021 at 06:58, Igor Opaniuk <igor.opaniuk@foundries.io> wrote: > > Hi Simon, > > On Thu, Apr 29, 2021 at 7:10 PM Simon Glass <sjg@chromium.org> wrote: > > > > Hi Igor, > > > > On Fri, 16 Apr 2021 at 01:10, Igor Opaniuk <igor.opaniuk@foundries.io> wrote: > > > > > > From: Igor Opaniuk <igor.opaniuk@foundries.io> > > > > > > Introduce RSA_SOFTWARE_EXP_TINY Kconfig option, which does not require > > > DM to be enabled. This can be handy on devices, where SPL + signed > > > U-Boot FIT image setup is used, where it isn't possible to enable SPL_DM > > > mainly due to SRAM size constraits. > > > > > > For example, on iMX8MM with this option enabled and SPL_DM disabled > > > it's possible to save almost 11Kb: > > > > That seems a lot...do you have OF_PLATDATA enabled? > Nope, it's not enabled. I think you should look at that first. It is likely to give a much larger benefit. > I've managed to get these numbers when experimenting with NXP U-Boot fork, > which is based on 2020.04. > > I also checked a while ago iMX6ULL mainline U-Boot with this patch, and size > decrease was around 4-5 Kb, which basically is also not bad (considering 64Kb > SPL size limitation for this SoC). OK I see, but if we did this with every subsystem won't we end up with chaos? There will be cases where driver model is impossible, but with 64KB (which I assume you mean) I would hope that we could avoid it. > > > > > > > > > With RSA_SOFTWARE_EXP_TINY enabled: > > > spl/u-boot-spl-nodtb.bin 99824 > > > > > > Without: > > > spl/u-boot-spl-nodtb.bin 111088 > > > > > > Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> > > > --- > > > > > > lib/rsa/Kconfig | 11 ++++++++++- > > > lib/rsa/rsa-verify.c | 8 ++++---- > > > 2 files changed, 14 insertions(+), 5 deletions(-) Regards, Simon
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig index a90d67e5a8..03692b73bb 100644 --- a/lib/rsa/Kconfig +++ b/lib/rsa/Kconfig @@ -1,7 +1,8 @@ config RSA bool "Use RSA Library" select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX6 && !ARCH_MX5 - select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP + select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP && DM + select RSA_SOFTWARE_EXP_TINY if !RSA_FREESCALE_EXP && !DM help RSA support. This enables the RSA algorithm used for FIT image verification in U-Boot. @@ -45,6 +46,14 @@ config RSA_VERIFY_WITH_PKEY directly specified in image_sign_info, where all the necessary key properties will be calculated on the fly in verification code. +config RSA_SOFTWARE_EXP_TINY + bool "Enable non-DM RSA Modular Exponentiation software implementation" + help + Enable modular exponentiation implementation in software, which + does not require Driver Model to be enabled. This is a RSA algorithm + used in FIT image verification. It required RSA Key as input. + See doc/uImage.FIT/signature.txt for more details. + config RSA_SOFTWARE_EXP bool "Enable driver for RSA Modular Exponentiation in software" depends on DM diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c index aee76f42d5..0162253636 100644 --- a/lib/rsa/rsa-verify.c +++ b/lib/rsa/rsa-verify.c @@ -319,7 +319,7 @@ static int rsa_verify_key(struct image_sign_info *info, const uint32_t key_len) { int ret; -#if !defined(USE_HOSTCC) +#if !(defined(USE_HOSTCC) || defined(RSA_SOFTWARE_EXP_TINY)) struct udevice *mod_exp_dev; #endif struct checksum_algo *checksum = info->checksum; @@ -346,7 +346,9 @@ static int rsa_verify_key(struct image_sign_info *info, uint8_t buf[sig_len]; hash_len = checksum->checksum_len; -#if !defined(USE_HOSTCC) +#if defined(USE_HOSTCC) || defined(RSA_SOFTWARE_EXP_TINY) + ret = rsa_mod_exp_sw(sig, sig_len, prop, buf); +#else ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev); if (ret) { printf("RSA: Can't find Modular Exp implementation\n"); @@ -354,8 +356,6 @@ static int rsa_verify_key(struct image_sign_info *info, } ret = rsa_mod_exp(mod_exp_dev, sig, sig_len, prop, buf); -#else - ret = rsa_mod_exp_sw(sig, sig_len, prop, buf); #endif if (ret) { debug("Error in Modular exponentation\n");