From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [PATCH v7 0/7] rsa: extend rsa_verify() for UEFI secure boot
Date: Tue, 25 Feb 2020 13:55:12 +0900 [thread overview]
Message-ID: <20200225045511.GA9257@linaro.org> (raw)
In-Reply-To: <20200221171841.GO18302@bill-the-cat>
On Fri, Feb 21, 2020 at 12:18:41PM -0500, Tom Rini wrote:
> On Fri, Feb 21, 2020 at 03:12:54PM +0900, AKASHI Takahiro wrote:
>
> > # This patch set is a prerequisite for UEFI secure boot.
> >
> > The current rsa_verify() requires five parameters for a RSA public key
> > for efficiency while RSA, in theory, requires only two. In addition,
> > those parameters are expected to come from FIT image.
> >
> > So this function won't fit very well when we want to use it for the purpose
> > of implementing UEFI secure boot, in particular, image authentication
> > as well as variable authentication, where the essential two parameters
> > are set to be retrieved from one of X509 certificates in signature
> > database.
> >
> > So, in this patch, additional three parameters will be calculated
> > on the fly when rsa_verify() is called without fdt which should contain
> > parameters above.
> >
> > This calculation heavily relies on "big-number (or multi-precision)
> > library." Therefore some routines from BearSSL[1] under MIT license are
> > imported in this implementation. See Patch#4.
> > # Please let me know if this is not appropriate.
> >
> > Prerequisite:
> > * public key parser in my "import x509/pkcs7 parser" patch[2]
>
> This has been applied a long while back.
Yes, I forgot to remove this line.
> And for the record, without http://patchwork.ozlabs.org/patch/1239098/
> applied sandbox fails to build. I had said I would take care of that
> specific issue, so I'm just noting it here. I'm kicking off a larger
> test now.
Thank you!
-Takahiro Akashi
> --
> Tom
prev parent reply other threads:[~2020-02-25 4:55 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-21 6:12 [PATCH v7 0/7] rsa: extend rsa_verify() for UEFI secure boot AKASHI Takahiro
2020-02-21 6:12 ` [PATCH v7 1/7] lib: rsa: decouple rsa from FIT image verification AKASHI Takahiro
2020-03-12 16:48 ` Tom Rini
2020-02-21 6:12 ` [PATCH v7 2/7] rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config AKASHI Takahiro
2020-03-12 16:48 ` Tom Rini
2020-02-21 6:12 ` [PATCH v7 3/7] include: image.h: add key info to image_sign_info AKASHI Takahiro
2020-03-12 16:48 ` Tom Rini
2020-02-21 6:12 ` [PATCH v7 4/7] lib: rsa: generate additional parameters for public key AKASHI Takahiro
2020-03-12 16:48 ` Tom Rini
2020-02-21 6:12 ` [PATCH v7 5/7] lib: rsa: add rsa_verify_with_pkey() AKASHI Takahiro
2020-03-12 16:48 ` Tom Rini
2020-02-21 6:13 ` [PATCH v7 6/7] test: add rsa_verify() unit test AKASHI Takahiro
2020-03-12 16:48 ` Tom Rini
2020-02-21 6:13 ` [PATCH v7 7/7] test: enable RSA library test on sandbox AKASHI Takahiro
2020-03-12 16:49 ` Tom Rini
2020-02-21 17:18 ` [PATCH v7 0/7] rsa: extend rsa_verify() for UEFI secure boot Tom Rini
2020-02-25 4:55 ` AKASHI Takahiro [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200225045511.GA9257@linaro.org \
--to=takahiro.akashi@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox