diff options
author | AKASHI Takahiro <takahiro.akashi@linaro.org> | 2020-02-21 15:12:55 +0900 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2020-03-12 08:20:38 -0400 |
commit | b983cc2da0bafd73a4dfc069eb3c3a98677e2d92 (patch) | |
tree | 6ea5e39eb92db6a1c1311876a8df52f267a3aeea /common/image-fit.c | |
parent | d08b16edf80aa268985b96b2d9e633909734e7c1 (diff) |
lib: rsa: decouple rsa from FIT image verification
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'common/image-fit.c')
-rw-r--r-- | common/image-fit.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/common/image-fit.c b/common/image-fit.c index f3bb00c98a..9357e66e1f 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -1269,7 +1269,7 @@ int fit_image_verify_with_data(const void *fit, int image_noffset, int ret; /* Verify all required signatures */ - if (IMAGE_ENABLE_VERIFY && + if (FIT_IMAGE_ENABLE_VERIFY && fit_image_verify_required_sigs(fit, image_noffset, data, size, gd_fdt_blob(), &verify_all)) { err_msg = "Unable to verify required signature"; @@ -1291,7 +1291,7 @@ int fit_image_verify_with_data(const void *fit, int image_noffset, &err_msg)) goto error; puts("+ "); - } else if (IMAGE_ENABLE_VERIFY && verify_all && + } else if (FIT_IMAGE_ENABLE_VERIFY && verify_all && !strncmp(name, FIT_SIG_NODENAME, strlen(FIT_SIG_NODENAME))) { ret = fit_image_check_sig(fit, noffset, data, @@ -1949,7 +1949,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr, if (image_type == IH_TYPE_KERNEL) images->fit_uname_cfg = fit_base_uname_config; - if (IMAGE_ENABLE_VERIFY && images->verify) { + if (FIT_IMAGE_ENABLE_VERIFY && images->verify) { puts(" Verifying Hash Integrity ... "); if (fit_config_verify(fit, cfg_noffset)) { puts("Bad Data Hash\n"); |