From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [PATCH v7 0/7] rsa: extend rsa_verify() for UEFI secure boot
Date: Tue, 25 Feb 2020 13:55:12 +0900
Message-ID: <20200225045511.GA9257@linaro.org>
In-Reply-To: <20200221171841.GO18302@bill-the-cat>

On Fri, Feb 21, 2020 at 12:18:41PM -0500, Tom Rini wrote:
> On Fri, Feb 21, 2020 at 03:12:54PM +0900, AKASHI Takahiro wrote:
>
> > # This patch set is a prerequisite for UEFI secure boot.
> >
> > The current rsa_verify() requires five parameters for an RSA public key
> > for efficiency while RSA, in theory, requires only two. In addition,
> > those parameters are expected to come from FIT image.
> >
> > So this function won't fit very well when we want to use it for the purpose
> > of implementing UEFI secure boot, in particular, image authentication
> > as well as variable authentication, where the essential two parameters
> > are set to be retrieved from one of X509 certificates in signature
> > database.
> >
> > So, in this patch, additional three parameters will be calculated
> > on the fly when rsa_verify() is called without fdt which should contain
> > parameters above.
> >
> > This calculation heavily relies on "big-number (or multi-precision)
> > library." Therefore some routines from BearSSL[1] under MIT license are
> > imported in this implementation. See Patch#4.
> > # Please let me know if this is not appropriate.
> >
> > Prerequisite:
> > * public key parser in my "import x509/pkcs7 parser" patch[2]
>
> This has been applied a long while back.

Yes, I forgot to remove this line.

> And for the record, without http://patchwork.ozlabs.org/patch/1239098/
> applied sandbox fails to build. I had said I would take care of that
> specific issue, so I'm just noting it here. I'm kicking off a larger
> test now.

Thank you!

-Takahiro Akashi

> --
> Tom
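
Added example, not part of this thread or of the patch series: the quoted cover letter says three of the five rsa_verify() key parameters are calculated on the fly from the two essential ones. This Python code assumes those three are the values U-Boot's FIT key node stores as `rsa,num-bits`, `rsa,n0-inverse` and `rsa,r-squared`, derives them from a constructed toy modulus, and uses them in a word-serial Montgomery exponentiation; all function names are hypothetical.

```python
# Added illustration (not U-Boot code). Assumption: the three derived values
# are the FIT key-node properties rsa,num-bits, rsa,n0-inverse, rsa,r-squared.
MASK = (1 << 32) - 1

def derive_params(n):
    """Derive the helper values from the modulus alone (hypothetical helper)."""
    if n <= 0 or n % 2 == 0:
        raise ValueError("RSA modulus must be a positive odd integer")
    num_bits = -(-n.bit_length() // 32) * 32      # rounded up to whole 32-bit words
    n0inv = (-pow(n, -1, 1 << 32)) & MASK         # -1 / n[0] mod 2^32
    rr = pow(2, 2 * num_bits, n)                  # (2^num_bits)^2 mod n
    return {"num_bits": num_bits, "n0inv": n0inv, "rr": rr}

def mont_mul(a, b, n, p):
    """Return a*b*R^-1 mod n with R = 2^num_bits, one 32-bit word at a time."""
    t = 0
    for i in range(p["num_bits"] // 32):
        t += ((a >> (32 * i)) & MASK) * b
        m = ((t & MASK) * p["n0inv"]) & MASK      # makes the low word of t + m*n zero
        t = (t + m * n) >> 32
    return t - n if t >= n else t

def mont_pow(s, e, n, p):
    """Compute s^e mod n using only n, e and the derived parameters."""
    if not 0 <= s < n:
        raise ValueError("signature value must be in [0, n)")
    base = mont_mul(s, p["rr"], n, p)             # s*R mod n
    acc = mont_mul(1, p["rr"], n, p)              # R mod n, i.e. 1 in Montgomery form
    for bit in bin(e)[2:]:                        # left-to-right square and multiply
        acc = mont_mul(acc, acc, n, p)
        if bit == "1":
            acc = mont_mul(acc, base, n, p)
    return mont_mul(acc, 1, n, p)                 # leave Montgomery form

# Constructed toy modulus (product of two Mersenne primes), not a real key size.
N = (2**127 - 1) * (2**89 - 1)
E = 65537
P = derive_params(N)
S = 0x1234567890ABCDEF1234567890ABCDEF            # constructed "signature" value

if __name__ == "__main__":
    print(P["num_bits"], hex(P["n0inv"]))
    print(mont_pow(S, E, N, P) == pow(S, E, N))
```

The helper values depend only on the modulus, which is why they can either be precomputed and shipped with the key or recomputed at verification time when only the modulus and exponent are available.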