[U-Boot] [RFC 1/3] lib: rsa: decouple rsa from FIT image verification

All of lore.kernel.org
 help / color / mirror / Atom feed

From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [RFC 1/3] lib: rsa: decouple rsa from FIT image verification
Date: Fri, 6 Sep 2019 18:26:41 +0900	[thread overview]
Message-ID: <20190906092640.GJ4398@linaro.org> (raw)
In-Reply-To: <4a3de0ad-2aca-ce40-f60c-df1cc4ab8d66@gmx.de>

On Fri, Sep 06, 2019 at 09:39:05AM +0200, Heinrich Schuchardt wrote:
> On 9/6/19 9:08 AM, AKASHI Takahiro wrote:
> >Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
> >RSA functions from FIT verification and allow for adding a RSA-based
> >signature verification for other file formats, in particular PE file
> >for UEFI secure boot.
> >
> >Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> >---
> >  lib/rsa/Kconfig  | 7 +++++++
> >  lib/rsa/Makefile | 2 +-
> >  2 files changed, 8 insertions(+), 1 deletion(-)
> >
> >diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> >index 2b33f323bccc..338c8124da59 100644
> >--- a/lib/rsa/Kconfig
> >+++ b/lib/rsa/Kconfig
> >@@ -1,5 +1,6 @@
> >  config RSA
> >  	bool "Use RSA Library"
> >+	select RSA_VERIFY
> >  	select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX6 && !ARCH_MX5
> >  	select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP
> >  	help
> >@@ -17,6 +18,12 @@ if RSA
> >
> >  config SPL_RSA
> >  	bool "Use RSA Library within SPL"
> >+	select RSA_VERIFY
> >+
> >+config RSA_VERIFY
> >+	bool
> >+	help
> >+	  Add RSA signature verification support.
> >
> >  config RSA_SOFTWARE_EXP
> >  	bool "Enable driver for RSA Modular Exponentiation in software"
> >diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile
> >index a51c6e1685fb..226d8f3514a9 100644
> >--- a/lib/rsa/Makefile
> >+++ b/lib/rsa/Makefile
> >@@ -5,5 +5,5 @@
> >  # (C) Copyright 2000-2007
> >  # Wolfgang Denk, DENX Software Engineering, wd at denx.de.
> >
> >-obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
> >+obj-$(CONFIG_RSA_VERIFY) += rsa-verify.o rsa-checksum.o
> >  obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o
> >
> 
> pine64-lts_defconfig with CONFIG_RSA=y
> compiles fine without this patch. But with this patch:

Right.
It seems that include/image.h will also have to be modified.

Thanks,
-Takahiro Akashi


> lib/rsa/rsa-verify.c:60:5: error: redefinition of ‘padding_pkcs_15_verify’
>    60 | int padding_pkcs_15_verify(struct image_sign_info *info,
>       |     ^~~~~~~~~~~~~~~~~~~~~~
> In file included from lib/rsa/rsa-verify.c:21:
> include/u-boot/rsa.h:118:19: note: previous definition of
> ‘padding_pkcs_15_verify’ was here
>   118 | static inline int padding_pkcs_15_verify(struct image_sign_info
> *info,
>       |                   ^~~~~~~~~~~~~~~~~~~~~~
> lib/rsa/rsa-verify.c:399:5: error: redefinition of ‘rsa_verify’
>   399 | int rsa_verify(struct image_sign_info *info,
>       |     ^~~~~~~~~~
>   CC      lib/efi_loader/efi_hii.o
> In file included from lib/rsa/rsa-verify.c:21:
> include/u-boot/rsa.h:111:19: note: previous definition of ‘rsa_verify’
> was here
>   111 | static inline int rsa_verify(struct image_sign_info *info,
>       |                   ^~~~~~~~~~
> 
> Best regards
> 
> Heinrich

next prev parent reply	other threads:[~2019-09-06  9:26 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-06  7:08 [U-Boot] [RFC 0/3] rsa: extend rsa_verify() for UEFI secure boot AKASHI Takahiro
2019-09-06  7:08 ` [U-Boot] [RFC 1/3] lib: rsa: decouple rsa from FIT image verification AKASHI Takahiro
2019-09-06  7:39   ` Heinrich Schuchardt
2019-09-06  9:26     ` AKASHI Takahiro [this message]
2019-09-06  7:08 ` [U-Boot] [RFC 2/3] lib: rsa: generate additional parameters for public key AKASHI Takahiro
2019-09-17  5:48   ` Simon Glass
2019-09-18  2:35     ` AKASHI Takahiro
2019-10-03  7:34   ` Ilias Apalodimas
2019-10-03  8:58     ` AKASHI Takahiro
2019-10-03 13:37       ` Heinrich Schuchardt
2019-09-06  7:08 ` [U-Boot] [RFC 3/3] lib: rsa: add rsa_verify_with_pkey() AKASHI Takahiro
2019-09-17  5:48   ` Simon Glass
2019-09-18  3:03     ` AKASHI Takahiro
2019-10-03  5:48       ` AKASHI Takahiro
2019-10-22 13:50       ` Simon Glass
2019-10-23  5:44         ` AKASHI Takahiro
2019-10-27 16:31           ` Simon Glass
2019-10-28  0:43             ` AKASHI Takahiro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190906092640.GJ4398@linaro.org \
    --to=takahiro.akashi@linaro.org \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.