mirror of
				https://source.denx.de/u-boot/u-boot.git
				synced 2025-10-24 22:11:26 +02:00 
			
		
		
		
	In the current implementation of FIT_SIGNATURE, five parameters for a RSA public key are required while only two of them are essential. (See rsa-mod-exp.h and uImage.FIT/signature.txt) This is a result of considering relatively limited computer power and resources on embedded systems, while such a assumption may not be quite practical for other use cases. In this patch, added is a function, rsa_gen_key_prop(), which will generate additional parameters for other uses, in particular UEFI secure boot, on the fly. Note: the current code uses some "big number" routines from BearSSL for the calculation. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
		
			
				
	
	
		
			65 lines
		
	
	
		
			2.1 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			65 lines
		
	
	
		
			2.1 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| config RSA
 | |
| 	bool "Use RSA Library"
 | |
| 	select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX6 && !ARCH_MX5
 | |
| 	select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP
 | |
| 	help
 | |
| 	  RSA support. This enables the RSA algorithm used for FIT image
 | |
| 	  verification in U-Boot.
 | |
| 	  See doc/uImage.FIT/signature.txt for more details.
 | |
| 	  The Modular Exponentiation algorithm in RSA is implemented using
 | |
| 	  driver model. So CONFIG_DM needs to be enabled by default for this
 | |
| 	  library to function.
 | |
| 	  The signing part is build into mkimage regardless of this
 | |
| 	  option. The software based modular exponentiation is built into
 | |
| 	  mkimage irrespective of this option.
 | |
| 
 | |
| if RSA
 | |
| 
 | |
| config SPL_RSA
 | |
| 	bool "Use RSA Library within SPL"
 | |
| 
 | |
| config SPL_RSA_VERIFY
 | |
| 	bool
 | |
| 	help
 | |
| 	  Add RSA signature verification support in SPL.
 | |
| 
 | |
| config RSA_VERIFY
 | |
| 	bool
 | |
| 	help
 | |
| 	  Add RSA signature verification support.
 | |
| 
 | |
| config RSA_VERIFY_WITH_PKEY
 | |
| 	bool "Execute RSA verification without key parameters from FDT"
 | |
| 	select RSA_VERIFY
 | |
| 	select ASYMMETRIC_KEY_TYPE
 | |
| 	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
 | |
| 	select RSA_PUBLIC_KEY_PARSER
 | |
| 	help
 | |
| 	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
 | |
| 	  pre-calculated key properties, that are stored in fdt blob, in
 | |
| 	  decrypting a signature.
 | |
| 	  This does not suit the use case where there is no way defined to
 | |
| 	  provide such additional key properties in standardized form,
 | |
| 	  particularly UEFI secure boot.
 | |
| 	  This options enables RSA signature verification with a public key
 | |
| 	  directly specified in image_sign_info, where all the necessary
 | |
| 	  key properties will be calculated on the fly in verification code.
 | |
| 
 | |
| config RSA_SOFTWARE_EXP
 | |
| 	bool "Enable driver for RSA Modular Exponentiation in software"
 | |
| 	depends on DM
 | |
| 	help
 | |
| 	  Enables driver for modular exponentiation in software. This is a RSA
 | |
| 	  algorithm used in FIT image verification. It required RSA Key as
 | |
| 	  input.
 | |
| 	  See doc/uImage.FIT/signature.txt for more details.
 | |
| 
 | |
| config RSA_FREESCALE_EXP
 | |
| 	bool "Enable RSA Modular Exponentiation with FSL crypto accelerator"
 | |
| 	depends on DM && FSL_CAAM && !ARCH_MX7 && !ARCH_MX6 && !ARCH_MX5
 | |
| 	help
 | |
| 	Enables driver for RSA modular exponentiation using Freescale cryptographic
 | |
| 	accelerator - CAAM.
 | |
| 
 | |
| endif
 |