lib: rsa: allow rsa verify with pkey in SPL

This commit adds the option SPL_RSA_VERIFY_WITH_PKEY.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
This commit is contained in:
Philippe Reynes 2022-03-28 22:56:58 +02:00 committed by Tom Rini
parent e44ec9f709
commit f6bacf1d48

View File

@ -47,6 +47,25 @@ config RSA_VERIFY_WITH_PKEY
directly specified in image_sign_info, where all the necessary
key properties will be calculated on the fly in verification code.
config SPL_RSA_VERIFY_WITH_PKEY
bool "Execute RSA verification without key parameters from FDT within SPL"
depends on SPL
select SPL_RSA_VERIFY
select SPL_ASYMMETRIC_KEY_TYPE
select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
select SPL_RSA_PUBLIC_KEY_PARSER
help
The standard RSA-signature verification code (FIT_SIGNATURE) uses
pre-calculated key properties, that are stored in fdt blob, in
decrypting a signature.
This does not suit the use case where there is no way defined to
provide such additional key properties in standardized form,
particularly UEFI secure boot.
This options enables RSA signature verification with a public key
directly specified in image_sign_info, where all the necessary
key properties will be calculated on the fly in verification code
in the SPL.
config RSA_SOFTWARE_EXP
bool "Enable driver for RSA Modular Exponentiation in software"
depends on DM