From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [PATCH v4 2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config
Date: Tue, 21 Jan 2020 10:34:59 -0500 [thread overview]
Message-ID: <20200121153459.GS8732@bill-the-cat> (raw)
In-Reply-To: <20200121042957.GB8146@linaro.org>
On Tue, Jan 21, 2020 at 01:29:58PM +0900, AKASHI Takahiro wrote:
> Tom, Simon,
>
> On Fri, Jan 17, 2020 at 06:59:44AM +0100, Heinrich Schuchardt wrote:
> > On 1/17/20 3:24 AM, AKASHI Takahiro wrote:
> > >On Tue, Jan 14, 2020 at 12:43:40PM +0100, Heinrich Schuchardt wrote:
> > >>On 1/14/20 8:45 AM, AKASHI Takahiro wrote:
> > >>>On Wed, Jan 08, 2020 at 01:35:13PM +0100, Heinrich Schuchardt wrote:
> > >>>>On 11/21/19 1:11 AM, AKASHI Takahiro wrote:
> > >>>>>In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY,
> > >>>>>rsa_verify() will be extended to be able to perform RSA decryption without
> > >>>>>additional RSA key properties from FIT image, i.e. rr and n0inv.
> > >>>>>
> > >>>>>Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
> > >>>>>Reviewed-by: Simon Glass <sjg@chromium.org>
> > >>>>
> > >>>>The patch series does not build for some configurations.
> > >>>>
> > >>>>>---
> > >>>>> lib/rsa/Kconfig | 14 ++++++++++++++
> > >>>>> 1 file changed, 14 insertions(+)
> > >>>>>
> > >>>>>diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
> > >>>>>index 03ffa2969048..71e4c06bf883 100644
> > >>>>>--- a/lib/rsa/Kconfig
> > >>>>>+++ b/lib/rsa/Kconfig
> > >>>>>@@ -30,6 +30,20 @@ config RSA_VERIFY
> > >>>>> help
> > >>>>> Add RSA signature verification support.
> > >>>>>
> > >>>>>+config RSA_VERIFY_WITH_PKEY
> > >>>>
> > >>>>For CONFIG_RSA_VERIFY_WITH_PKEY=y and CONFIG_RSA_PUBLIC_KEY_PARSER=n
> > >>>>I get an error:
> > >>>
> > >>>This error is inevitable as both RSA_VERIFY_WITH_PKEY and
> > >>>RSA_PUBLIC_KEY_PARSER are "select"able configurations with
> > >>>visible prompts and then
> > >>
> > >>No, it is not inevitbable. Just ensure that in the Makefiles all modules
> > >>are selected that you need for your configuration.
> > >
> > >How?
> > >Can you please show me a simple solution?
> >
>
> Which is your choice as a maintainer/author of lib/rsa?
>
> In my opinion,
>
> > ifneq($(CONFIG_RSA_VERIFY_WITH_PKEY)$(CONFIG_RSA_PUBLIC_KEY_PARSER),)
> > obj-y += foo.o
> > endif
>
> I will take this by a process of elimination.
>
> > or
> >
> > config RSA_VERIFY_WITH_PKEY
> > depends on RSA_PUBLIC_KEY_PARSER
>
> I normally use "depends on" to select a subset feature of the target.
>
> > or
> >
> > config RSA_VERIFY_WITH_PKEY
> > select RSA_PUBLIC_KEY_PARSER
>
> Nak, as I said, because RSA_PUBLIC_KEY_PARSER is a visible configuration symbol.
This is getting a bit complicated. So, if and only if
RSA_VERIFY_WITH_PKEY and RSA_PUBLIC_KEY_PARSER can be functional without
the other enabled:
obj-$(CONFIG_RSA_VERIFY_WITH_PKEY) += verify-with-pkey.o common-thing.o
obj-$(CONFIG_RSA_PUBLIC_KEY_PARSER) += public-key-parser.o common-thing.o
and we don't need to do anything extra with depends/select. There's
nothing wrong with listing an object multiple times, it gets sorted
correctly.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20200121/13c000ca/attachment.sig>
next prev parent reply other threads:[~2020-01-21 15:34 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-21 0:11 [U-Boot] [PATCH v4 0/6] rsa: extend rsa_verify() for UEFI secure boot AKASHI Takahiro
2019-11-21 0:11 ` [U-Boot] [PATCH v4 1/6] lib: rsa: decouple rsa from FIT image verification AKASHI Takahiro
2019-12-07 0:25 ` Tom Rini
2019-12-12 10:10 ` AKASHI Takahiro
2019-11-21 0:11 ` [U-Boot] [PATCH v4 2/6] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config AKASHI Takahiro
2020-01-08 12:35 ` Heinrich Schuchardt
2020-01-14 7:45 ` AKASHI Takahiro
2020-01-14 11:43 ` Heinrich Schuchardt
2020-01-17 2:24 ` AKASHI Takahiro
2020-01-17 5:59 ` Heinrich Schuchardt
2020-01-21 4:29 ` AKASHI Takahiro
2020-01-21 15:34 ` Tom Rini [this message]
2019-11-21 0:11 ` [U-Boot] [PATCH v4 3/6] include: image.h: add key info to image_sign_info AKASHI Takahiro
2019-11-21 0:11 ` [U-Boot] [PATCH v4 4/6] lib: rsa: generate additional parameters for public key AKASHI Takahiro
2020-01-08 18:07 ` Heinrich Schuchardt
2020-01-08 18:16 ` Heinrich Schuchardt
2020-01-14 7:15 ` AKASHI Takahiro
2019-11-21 0:11 ` [U-Boot] [PATCH v4 5/6] lib: rsa: add rsa_verify_with_pkey() AKASHI Takahiro
2019-11-21 0:11 ` [U-Boot] [PATCH v4 6/6] test: add rsa_verify() unit test AKASHI Takahiro
2020-01-08 17:43 ` Heinrich Schuchardt
2020-01-08 22:25 ` Heinrich Schuchardt
2020-01-14 7:33 ` AKASHI Takahiro
2020-01-14 12:04 ` Heinrich Schuchardt
2020-01-17 1:53 ` AKASHI Takahiro
2020-01-17 5:26 ` Heinrich Schuchardt
2020-01-21 5:48 ` AKASHI Takahiro
2020-01-21 15:40 ` Tom Rini
2020-01-22 0:22 ` AKASHI Takahiro
2020-01-22 0:26 ` Tom Rini
2020-01-18 20:20 ` [PATCH v4 0/6] rsa: extend rsa_verify() for UEFI secure boot Heinrich Schuchardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200121153459.GS8732@bill-the-cat \
--to=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox