Message ID | 20210517183904.853304-5-mr.nuke.me@gmail.com |
---|---|
State | Changes Requested |
Delegated to: | Patrice Chotard |
Headers | show |
Series | Enable ECDSA FIT verification for stm32mp | expand |
On Mon, May 17, 2021 at 9:40 PM Alexandru Gagniuc <mr.nuke.me@gmail.com> wrote: > > FIT signatures can now be implemented with ECDSA. The assumption that > all FIT images are signed with RSA is no longer valid. Thus, instead > of 'select'ing RSA, only 'imply' it. This doesn't change the defaults, > but allows one to explicitly disable RSA support. > > Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> > Reviewed-by: Simon Glass <sjg@chromium.org> > --- > common/Kconfig.boot | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/common/Kconfig.boot b/common/Kconfig.boot > index 03a6e6f214..1527e3e600 100644 > --- a/common/Kconfig.boot > +++ b/common/Kconfig.boot > @@ -76,8 +76,8 @@ config FIT_SIGNATURE > bool "Enable signature verification of FIT uImages" > depends on DM > select HASH > - select RSA > - select RSA_VERIFY > + imply RSA > + imply RSA_VERIFY > select IMAGE_SIGN_INFO > select FIT_FULL_CHECK > help > @@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE > select SPL_FIT > select SPL_CRYPTO_SUPPORT > select SPL_HASH_SUPPORT > - select SPL_RSA > - select SPL_RSA_VERIFY > + imply SPL_RSA > + imply SPL_RSA_VERIFY > select SPL_IMAGE_SIGN_INFO > select SPL_FIT_FULL_CHECK > > -- > 2.31.1 > Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
diff --git a/common/Kconfig.boot b/common/Kconfig.boot index 03a6e6f214..1527e3e600 100644 --- a/common/Kconfig.boot +++ b/common/Kconfig.boot @@ -76,8 +76,8 @@ config FIT_SIGNATURE bool "Enable signature verification of FIT uImages" depends on DM select HASH - select RSA - select RSA_VERIFY + imply RSA + imply RSA_VERIFY select IMAGE_SIGN_INFO select FIT_FULL_CHECK help @@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE select SPL_FIT select SPL_CRYPTO_SUPPORT select SPL_HASH_SUPPORT - select SPL_RSA - select SPL_RSA_VERIFY + imply SPL_RSA + imply SPL_RSA_VERIFY select SPL_IMAGE_SIGN_INFO select SPL_FIT_FULL_CHECK