diff mbox series

[v5,4/5] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY

Message ID 20210517183904.853304-5-mr.nuke.me@gmail.com
State Changes Requested
Delegated to: Patrice Chotard
Headers show
Series Enable ECDSA FIT verification for stm32mp | expand

Commit Message

Alexandru Gagniuc May 17, 2021, 6:39 p.m. UTC 
FIT signatures can now be implemented with ECDSA. The assumption that
all FIT images are signed with RSA is no longer valid. Thus, instead
of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
but allows one to explicitly disable RSA support.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
---
 common/Kconfig.boot | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Igor Opaniuk May 17, 2021, 7:10 p.m. UTC | #1 
On Mon, May 17, 2021 at 9:40 PM Alexandru Gagniuc <mr.nuke.me@gmail.com> wrote:
>
> FIT signatures can now be implemented with ECDSA. The assumption that
> all FIT images are signed with RSA is no longer valid. Thus, instead
> of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
> but allows one to explicitly disable RSA support.
>
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>
> ---
>  common/Kconfig.boot | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/common/Kconfig.boot b/common/Kconfig.boot
> index 03a6e6f214..1527e3e600 100644
> --- a/common/Kconfig.boot
> +++ b/common/Kconfig.boot
> @@ -76,8 +76,8 @@ config FIT_SIGNATURE
>         bool "Enable signature verification of FIT uImages"
>         depends on DM
>         select HASH
> -       select RSA
> -       select RSA_VERIFY
> +       imply RSA
> +       imply RSA_VERIFY
>         select IMAGE_SIGN_INFO
>         select FIT_FULL_CHECK
>         help
> @@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE
>         select SPL_FIT
>         select SPL_CRYPTO_SUPPORT
>         select SPL_HASH_SUPPORT
> -       select SPL_RSA
> -       select SPL_RSA_VERIFY
> +       imply SPL_RSA
> +       imply SPL_RSA_VERIFY
>         select SPL_IMAGE_SIGN_INFO
>         select SPL_FIT_FULL_CHECK
>
> --
> 2.31.1
>

Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
diff mbox series

Patch

diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 03a6e6f214..1527e3e600 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -76,8 +76,8 @@  config FIT_SIGNATURE
 	bool "Enable signature verification of FIT uImages"
 	depends on DM
 	select HASH
-	select RSA
-	select RSA_VERIFY
+	imply RSA
+	imply RSA_VERIFY
 	select IMAGE_SIGN_INFO
 	select FIT_FULL_CHECK
 	help
@@ -186,8 +186,8 @@  config SPL_FIT_SIGNATURE
 	select SPL_FIT
 	select SPL_CRYPTO_SUPPORT
 	select SPL_HASH_SUPPORT
-	select SPL_RSA
-	select SPL_RSA_VERIFY
+	imply SPL_RSA
+	imply SPL_RSA_VERIFY
 	select SPL_IMAGE_SIGN_INFO
 	select SPL_FIT_FULL_CHECK