From: Alexandru Gagniuc <mr.nuke.me@gmail.com>
To: u-boot@lists.denx.de
Subject: [PATCH 5/5] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY
Date: Mon, 11 Jan 2021 09:41:37 -0600 [thread overview]
Message-ID: <20210111154137.621732-6-mr.nuke.me@gmail.com> (raw)
In-Reply-To: <20210111154137.621732-1-mr.nuke.me@gmail.com>
FIT signatures can now be implemented with ECDSA. The assumption that
all FIT images are signed with RSA is no longer valid. Thus, instead
of 'select'ing RSA, only 'imply' it. This doesn't change the defaults,
but allows one to explicitly disable RSA support.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
---
common/Kconfig.boot | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/common/Kconfig.boot b/common/Kconfig.boot
index 3f6d9c1a25..280476698d 100644
--- a/common/Kconfig.boot
+++ b/common/Kconfig.boot
@@ -67,8 +67,8 @@ config FIT_SIGNATURE
bool "Enable signature verification of FIT uImages"
depends on DM
select HASH
- select RSA
- select RSA_VERIFY
+ imply RSA
+ imply RSA_VERIFY
select IMAGE_SIGN_INFO
help
This option enables signature verification of FIT uImages,
@@ -159,8 +159,8 @@ config SPL_FIT_SIGNATURE
select SPL_FIT
select SPL_CRYPTO_SUPPORT
select SPL_HASH_SUPPORT
- select SPL_RSA
- select SPL_RSA_VERIFY
+ imply SPL_RSA
+ imply SPL_RSA_VERIFY
select SPL_IMAGE_SIGN_INFO
config SPL_LOAD_FIT
--
2.26.2
next prev parent reply other threads:[~2021-01-11 15:41 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-11 15:41 [PATCH 0/5] Enable ECDSA FIT verification for stm32mp Alexandru Gagniuc
2021-01-11 15:41 ` [PATCH 1/5] dm: crypto: Define UCLASS API for ECDSA signature verification Alexandru Gagniuc
2021-01-13 16:10 ` Simon Glass
2021-01-14 16:09 ` Alex G.
2021-01-14 19:16 ` Simon Glass
2021-01-11 15:41 ` [PATCH 2/5] lib: ecdsa: Add skeleton to implement ecdsa verification in u-boot Alexandru Gagniuc
2021-02-09 15:11 ` Patrick DELAUNAY
2021-02-09 22:37 ` Alex G.
2021-01-11 15:41 ` [PATCH 3/5] lib: ecdsa: Implement signature verification for crypto_algo API Alexandru Gagniuc
2021-01-13 16:10 ` Simon Glass
2021-02-09 15:56 ` Patrick DELAUNAY
2021-02-09 22:58 ` Alex G.
2021-01-11 15:41 ` [PATCH 4/5] arm: stm32mp1: Implement ECDSA signature verification Alexandru Gagniuc
2021-01-11 15:41 ` Alexandru Gagniuc [this message]
2021-01-13 16:10 ` [PATCH 5/5] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY Simon Glass
2021-02-09 15:08 ` [PATCH 0/5] Enable ECDSA FIT verification for stm32mp Patrick DELAUNAY
2021-02-09 21:28 ` Alex G.
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210111154137.621732-6-mr.nuke.me@gmail.com \
--to=mr.nuke.me@gmail.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox