From: Alex G. <mr.nuke.me@gmail.com>
To: u-boot@lists.denx.de
Subject: [PATCH v2 37/50] image: Drop IMAGE_ENABLE_SIGN/VERIFY defines
Date: Fri, 14 May 2021 16:17:03 -0500 [thread overview]
Message-ID: <e13360af-f381-71ee-31d4-eb40ffb4255b@gmail.com> (raw)
In-Reply-To: <CAPnjgZ3fvLse4FWQr6i6=6WnT_2hFWqrg76Feq9zr_9XeqohiA@mail.gmail.com>
On 5/14/21 3:44 PM, Simon Glass wrote:
> Hi Alex,
>
> On Fri, 14 May 2021 at 14:38, Alex G. <mr.nuke.me@gmail.com> wrote:
>>
>>
>>
>> On 5/6/21 9:24 AM, Simon Glass wrote:
>>> Add host Kconfigs for FIT_SIGN and RSA_VERIFY. With these we can
>>> use CONFIG_IS_ENABLED() directly in the host build, so drop the
>>> unnecessary indirections IMAGE_ENABLE_SIGN and HOST_RSA_VERIFY.
>>> Also drop FIT_IMAGE_ENABLE_VERIFY which is not actually used.
>>>
>>> Leave IMAGE_ENABLE_VERIFY_ECDSA along since this feature is
>>> incomplete and needs to be integrated with RSA.
>>>
>>> Signed-off-by: Simon Glass <sjg@chromium.org> ---
>>>
>>> (no changes since v1)
>>>
>>> common/image-fit.c | 6 +++--- common/image-sig.c | 10
>>> +++++----- include/image.h | 13 ++-----------
>>> include/u-boot/ecdsa.h | 2 +- include/u-boot/rsa.h | 4 ++--
>>> tools/Kconfig | 10 ++++++++++ tools/image-host.c |
>>> 4 ++-- 7 files changed, 25 insertions(+), 24 deletions(-)
>>>
>>> diff --git a/common/image-fit.c b/common/image-fit.c index
>>> c13ff6bba24..e81a0858dc1 100644 --- a/common/image-fit.c +++
>>> b/common/image-fit.c @@ -1301,7 +1301,7 @@ int
>>> fit_image_verify_with_data(const void *fit, int image_noffset,
>>> int ret;
>>>
>>> /* Verify all required signatures */ - if
>>> (FIT_IMAGE_ENABLE_VERIFY && + if
>>> (CONFIG_IS_ENABLED(RSA_VERIFY) &&
>>
>> NAK. Having verification depend directly on CONFIG_RSA_VERIFY will
>> make adding ECDSA support that much more convoluted.
>
> Let me counter-NAK.
>
> The ECDSA needs to be integrated into the RSA stuff, as we have done
> with hashing. E.g. CONFIG_VERIFY that enables the feature, with a
> driver to select which methods are supported.
Then why not add a CONFIG_(SPL_)VERIFY to this patch instead of
replacing a common define with an algo-secific CONFIG?
> I think I mentioned that in the original review.
You did. Integrating ECDSA with RSA is orthogonal to ECDSA verification.
I like the motivation behind this cosmetic series, but it is
creating unnecessary complications to adding the ECDSA features.
"It is relatively straightforward to add new algorithms if required.
[...] If another algorithm is needed (such as DSA) then it can be
placed alongside rsa.c, and its functions added to the table in
image-sig.c also."
That's from doc/uImage.FIT/signature.txt. Seems like we're changing goal
posts as the balls are already in the air. I want to tone down this
series, pick a few patches that I really like, combine them with some of
my changes and submit a co-authored series with the uncontroversial changes.
I posted a parallel series which eliminates IMAGE_ENABLE_VERIFY_ECDSA,
and is far less intrusive. I was already trying to combine it with some
patches in this series. Let's see how that goes
Alex
next prev parent reply other threads:[~2021-05-14 21:17 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-06 14:23 [PATCH v2 00/50] image: Reduce #ifdefs and ad-hoc defines in image code Simon Glass
2021-05-06 14:23 ` [PATCH v2 01/50] lib: Add memdup() Simon Glass
2021-05-06 17:07 ` Pratyush Yadav
2021-05-06 17:41 ` Simon Glass
2021-05-06 17:57 ` Sean Anderson
2021-05-10 9:00 ` Rasmus Villemoes
2021-05-10 11:21 ` Heinrich Schuchardt
2021-05-10 16:28 ` Simon Glass
2021-05-06 14:23 ` [PATCH v2 02/50] Add support for an owned buffer Simon Glass
2021-05-06 14:23 ` [PATCH v2 03/50] compiler: Add a comment to host_build() Simon Glass
2021-05-06 14:23 ` [PATCH v2 04/50] zstd: Create a function for use from U-Boot Simon Glass
2021-05-06 14:23 ` [PATCH v2 05/50] btrfs: Use U-Boot API for decompression Simon Glass
2021-05-06 14:23 ` [PATCH v2 06/50] image: Avoid switch default in image_decomp() Simon Glass
2021-05-06 14:23 ` [PATCH v2 07/50] image: Update zstd to avoid reporting error twice Simon Glass
2021-05-06 14:23 ` [PATCH v2 08/50] gzip: Avoid use of u64 Simon Glass
2021-05-06 14:23 ` [PATCH v2 09/50] image: Update image_decomp() to avoid ifdefs Simon Glass
2021-05-06 14:23 ` [PATCH v2 10/50] image: Split board code out into its own file Simon Glass
2021-05-06 14:23 ` [PATCH v2 11/50] image: Fix up checkpatch warnings in image-board.c Simon Glass
2021-05-06 14:24 ` [PATCH v2 12/50] image: Split host code out into its own file Simon Glass
2021-05-06 14:24 ` [PATCH v2 13/50] image: Create a function to do manual relocation Simon Glass
2021-05-06 14:24 ` [PATCH v2 14/50] image: Avoid #ifdefs for " Simon Glass
2021-05-06 14:24 ` [PATCH v2 15/50] image: Remove ifdefs around image_setup_linux() el at Simon Glass
2021-05-06 14:24 ` [PATCH v2 16/50] image: Add Kconfig options for FIT in the host build Simon Glass
2021-05-11 19:57 ` Alex G.
2021-05-11 22:34 ` Tom Rini
2021-05-12 0:50 ` Alex G.
2021-05-12 1:10 ` Tom Rini
2021-05-12 15:52 ` Simon Glass
2021-05-12 16:19 ` Alex G.
2021-05-12 17:14 ` Tom Rini
2021-05-17 22:29 ` Alex G.
2021-05-18 1:23 ` AKASHI Takahiro
2021-05-19 15:49 ` Alex G
2021-05-12 14:51 ` Simon Glass
2021-05-12 15:48 ` Alex G.
2021-05-12 15:54 ` Simon Glass
2021-05-12 16:18 ` Alex G.
2021-05-12 17:30 ` Simon Glass
2021-05-13 16:21 ` Alex G.
2021-05-13 23:56 ` Simon Glass
2021-05-14 15:12 ` Alex G.
2021-05-15 15:20 ` Simon Glass
2021-05-06 14:24 ` [PATCH v2 17/50] kconfig: Add host support to CONFIG_IS_ENABLED() Simon Glass
2021-05-06 14:24 ` [PATCH v2 18/50] image: Shorten FIT_ENABLE_SHAxxx_SUPPORT Simon Glass
2021-05-14 15:30 ` Alex G.
2021-05-06 14:24 ` [PATCH v2 19/50] image: Rename SPL_SHAxxx_SUPPORT to SPL_FIT_SHAxxx Simon Glass
2021-05-14 15:34 ` Alex G.
2021-05-06 14:24 ` [PATCH v2 20/50] hash: Use Kconfig to enable hashing in host tools Simon Glass
2021-05-06 14:24 ` [PATCH v2 21/50] hash: Drop some #ifdefs in hash.c Simon Glass
2021-05-14 15:37 ` Alex G.
2021-05-14 20:43 ` Tom Rini
2021-05-06 14:24 ` [PATCH v2 22/50] image: Drop IMAGE_ENABLE_FIT Simon Glass
2021-05-06 14:24 ` [PATCH v2 23/50] image: Drop IMAGE_ENABLE_OF_LIBFDT Simon Glass
2021-05-06 14:24 ` [PATCH v2 24/50] image: Use Kconfig to enable CONFIG_FIT_VERBOSE on host Simon Glass
2021-05-06 14:24 ` [PATCH v2 25/50] image: Rename CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT Simon Glass
2021-05-06 14:24 ` [PATCH v2 26/50] image: Use Kconfig to enable FIT_RSASSA_PSS on host Simon Glass
2021-05-06 14:24 ` [PATCH v2 27/50] Kconfig: Rename SPL_CRC32_SUPPORT to SPL_CRC32 Simon Glass
2021-05-14 21:31 ` Alex G.
2021-05-06 14:24 ` [PATCH v2 28/50] image: Drop IMAGE_ENABLE_CRC32 Simon Glass
2021-05-06 14:24 ` [PATCH v2 29/50] Kconfig: Rename SPL_MD5_SUPPORT to SPL_MD5 Simon Glass
2021-05-14 21:31 ` Alex G.
2021-05-06 14:24 ` [PATCH v2 30/50] image: Drop IMAGE_ENABLE_MD5 Simon Glass
2021-05-06 14:24 ` [PATCH v2 31/50] image: Drop IMAGE_ENABLE_SHA1 Simon Glass
2021-05-06 14:24 ` [PATCH v2 32/50] image: Drop IMAGE_ENABLE_SHAxxx Simon Glass
2021-05-06 14:24 ` [PATCH v2 33/50] image: Drop IMAGE_BOOT_GET_CMDLINE Simon Glass
2021-05-06 14:24 ` [PATCH v2 34/50] image: Drop IMAGE_OF_BOARD_SETUP Simon Glass
2021-05-06 14:24 ` [PATCH v2 35/50] image: Drop IMAGE_OF_SYSTEM_SETUP Simon Glass
2021-05-06 14:24 ` [PATCH v2 36/50] image: Drop IMAGE_ENABLE_IGNORE Simon Glass
2021-05-06 14:24 ` [PATCH v2 37/50] image: Drop IMAGE_ENABLE_SIGN/VERIFY defines Simon Glass
2021-05-14 20:38 ` Alex G.
2021-05-14 20:44 ` Simon Glass
2021-05-14 21:17 ` Alex G. [this message]
2021-05-15 15:20 ` Simon Glass
2021-05-06 14:24 ` [PATCH v2 38/50] image: Drop IMAGE_ENABLE_BEST_MATCH Simon Glass
2021-05-14 21:32 ` Alex G.
2021-05-06 14:24 ` [PATCH v2 39/50] image: Drop IMAGE_ENABLE_EN/DECRYPT defines Simon Glass
2021-05-06 14:24 ` [PATCH v2 40/50] image: Tidy up fit_unsupported_reset() Simon Glass
2021-05-06 14:24 ` [PATCH v2 41/50] image: Drop unnecessary #ifdefs from image.h Simon Glass
2021-05-14 21:45 ` Alex G.
2021-05-06 14:24 ` [PATCH v2 42/50] image: Drop #ifdefs for fit_print_contents() Simon Glass
2021-05-14 21:46 ` Alex G.
2021-05-06 14:24 ` [PATCH v2 43/50] image: Drop most #ifdefs in image-board.c Simon Glass
2021-05-06 14:24 ` [PATCH v2 44/50] image: Reduce variable scope in boot_get_ramdisk() Simon Glass
2021-05-06 14:24 ` [PATCH v2 45/50] image: Split up boot_get_ramdisk() Simon Glass
2021-05-06 14:24 ` [PATCH v2 46/50] image: Remove #ifdefs from select_ramdisk() Simon Glass
2021-05-06 14:24 ` [PATCH v2 47/50] image: Remove some #ifdefs from image-fit and image-fit-sig Simon Glass
2021-05-14 21:50 ` Alex G.
2021-05-15 15:20 ` Simon Glass
2021-05-06 14:24 ` [PATCH v2 48/50] image: Reduce variable scope in boot_get_fdt() Simon Glass
2021-05-06 14:24 ` [PATCH v2 49/50] image: Split up boot_get_fdt() Simon Glass
2021-05-06 14:24 ` [PATCH v2 50/50] image: Remove #ifdefs from select_fdt() Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e13360af-f381-71ee-31d4-eb40ffb4255b@gmail.com \
--to=mr.nuke.me@gmail.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox