leandrof/u-boot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Kconfig: FIT_SIGNATURE should not select RSA_VERIFY

Browse Source 
FIT signatures can now be implemented with ECDSA. The assumption that
all FIT images are signed with RSA is no longer valid. Thus, instead
of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
but allows one to explicitly disable RSA support.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Igor Opaniuk <igor.opaniuk@foundries.io>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
This commit is contained in:
Alexandru Gagniuc 2021-07-29 11:47:18 -05:00 committed by Patrice Chotard
parent ee870859ce
commit 61416fe9df
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
common/Kconfig.boot
View File

@ -76,8 +76,8 @@ config FIT_SIGNATURE
bool "Enable signature verification of FIT uImages" bool "Enable signature verification of FIT uImages"
depends on DM depends on DM
select HASH select HASH
select RSA imply RSA
select RSA_VERIFY imply RSA_VERIFY
select IMAGE_SIGN_INFO select IMAGE_SIGN_INFO
select FIT_FULL_CHECK select FIT_FULL_CHECK
help help
@ -186,8 +186,8 @@ config SPL_FIT_SIGNATURE
select SPL_FIT select SPL_FIT
select SPL_CRYPTO select SPL_CRYPTO
select SPL_HASH_SUPPORT select SPL_HASH_SUPPORT
select SPL_RSA imply SPL_RSA
select SPL_RSA_VERIFY imply SPL_RSA_VERIFY
select SPL_IMAGE_SIGN_INFO select SPL_IMAGE_SIGN_INFO
select SPL_FIT_FULL_CHECK select SPL_FIT_FULL_CHECK