From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [PATCH v4 2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config
Date: Tue, 14 Jan 2020 16:45:24 +0900 [thread overview]
Message-ID: <20200114074522.GF28530@linaro.org> (raw)
In-Reply-To: <a830a0ab-bf04-1822-64bc-ca00959a8d7d@gmx.de>
On Wed, Jan 08, 2020 at 01:35:13PM +0100, Heinrich Schuchardt wrote:
> On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
> >In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
> >rsa_verify() will be extended to be able to perform RSA decryption without
> >additional RSA key properties from FIT image, i.e. rr and n0inv.
> >
> >Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> >Reviewed-by: Simon Glass <sjg@chromium.org>
>
> The patch series does not build for some configurations.
>
> >---
> > lib/rsa/Kconfig | 14 ++++++++++++++
> > 1 file changed, 14 insertions(+)
> >
> >diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> >index 03ffa2969048..71e4c06bf883 100644
> >--- a/lib/rsa/Kconfig
> >+++ b/lib/rsa/Kconfig
> >@@ -30,6 +30,20 @@ config RSA_VERIFY
> > help
> > Add RSA signature verification support.
> >
> >+config RSA_VERIFY_WITH_PKEY
>
> For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
> I get an error:
This error is inevitable as both RSA_VERIFY_WITH_PKEY and
RSA_PUBLIC_KEY_PARSER are "select"able configurations with
visible prompts and then
we should generally avoid potential illegal configurations;
The one should NOT forcibly select the other as the kernel kconfig
document suggests.
# Note:
# select should be used with care. select will force
# a symbol to a value without visiting the dependencies.
# By abusing select you are able to select a symbol FOO even
# if FOO depends on BAR that is not set.
# In general use select only for non-visible symbols
# (no prompts anywhere) and for symbols with no dependencies.
# That will limit the usefulness but on the other hand avoid
# the illegal configurations all over.
-Takahiro Akashi
> lib/rsa/rsa-keyprop.c:669: undefined reference to `rsa_parse_pub_key'
>
> RSA_PUBLIC_KEY_PARSER depends on
> ASYMMETRIC_KEY_TYPE [=n] && ASYMMETRIC_PUBLIC_KEY_SUBTYPE [=n]
>
> Please, fix the dependencies.
>
> Best regards
>
> Heinrich
>
> >+ bool "Execute RSA verification without key parameters from FDT"
> >+ depends on RSA
> >+ help
> >+ The standard RSA-signature verification code (FIT_SIGNATURE) uses
> >+ pre-calculated key properties, that are stored in fdt blob, in
> >+ decrypting a signature.
> >+ This does not suit the use case where there is no way defined to
> >+ provide such additional key properties in standardized form,
> >+ particularly UEFI secure boot.
> >+ This options enables RSA signature verification with a public key
> >+ directly specified in image_sign_info, where all the necessary
> >+ key properties will be calculated on the fly in verification code.
> >+
> > config RSA_SOFTWARE_EXP
> > bool "Enable driver for RSA Modular Exponentiation in software"
> > depends on DM
> >
next prev parent reply other threads:[~2020-01-14 7:45 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-21 0:11 [U-Boot] [PATCH v4 0/6] rsa: extend rsa_verify() for UEFI secure boot AKASHI Takahiro
2019-11-21 0:11 ` [U-Boot] [PATCH v4 1/6] lib: rsa: decouple rsa from FIT image verification AKASHI Takahiro
2019-12-07 0:25 ` Tom Rini
2019-12-12 10:10 ` AKASHI Takahiro
2019-11-21 0:11 ` [U-Boot] [PATCH v4 2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config AKASHI Takahiro
2020-01-08 12:35 ` Heinrich Schuchardt
2020-01-14 7:45 ` AKASHI Takahiro [this message]
2020-01-14 11:43 ` Heinrich Schuchardt
2020-01-17 2:24 ` AKASHI Takahiro
2020-01-17 5:59 ` Heinrich Schuchardt
2020-01-21 4:29 ` AKASHI Takahiro
2020-01-21 15:34 ` Tom Rini
2019-11-21 0:11 ` [U-Boot] [PATCH v4 3/6] include: image.h: add key info to image_sign_info AKASHI Takahiro
2019-11-21 0:11 ` [U-Boot] [PATCH v4 4/6] lib: rsa: generate additional parameters for public key AKASHI Takahiro
2020-01-08 18:07 ` Heinrich Schuchardt
2020-01-08 18:16 ` Heinrich Schuchardt
2020-01-14 7:15 ` AKASHI Takahiro
2019-11-21 0:11 ` [U-Boot] [PATCH v4 5/6] lib: rsa: add rsa_verify_with_pkey() AKASHI Takahiro
2019-11-21 0:11 ` [U-Boot] [PATCH v4 6/6] test: add rsa_verify() unit test AKASHI Takahiro
2020-01-08 17:43 ` Heinrich Schuchardt
2020-01-08 22:25 ` Heinrich Schuchardt
2020-01-14 7:33 ` AKASHI Takahiro
2020-01-14 12:04 ` Heinrich Schuchardt
2020-01-17 1:53 ` AKASHI Takahiro
2020-01-17 5:26 ` Heinrich Schuchardt
2020-01-21 5:48 ` AKASHI Takahiro
2020-01-21 15:40 ` Tom Rini
2020-01-22 0:22 ` AKASHI Takahiro
2020-01-22 0:26 ` Tom Rini
2020-01-18 20:20 ` [PATCH v4 0/6] rsa: extend rsa_verify() for UEFI secure boot Heinrich Schuchardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200114074522.GF28530@linaro.org \
--to=takahiro.akashi@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox