diff options
| author | Tom Rini <trini@konsulko.com> | 2020-03-12 12:45:27 -0400 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2020-03-12 12:45:27 -0400 |
| commit | e24f0a39d0daa2d8c597650aeb3f559d44a195ae (patch) | |
| tree | 650803dabb55a0669b19e6a7069273f703d78b84 /configs | |
| parent | 36bdcf7f3b17ec6d8cec782e7f1d5b0b8014300a (diff) | |
| parent | 2201fe70d878074a9176f352693c582d7464a8d1 (diff) | |
Merge branch '2020-03-12-rsa-improvements' into next
(Description from AKASHI Takahiro)
extend rsa_verify() for UEFI secure boot:
The current rsa_verify() requires five parameters for a RSA public key
for efficiency while RSA, in theory, requires only two. In addition,
those parameters are expected to come from FIT image.
So this function won't fit very well when we want to use it for the
purpose of implementing UEFI secure boot, in particular, image
authentication as well as variable authentication, where the essential
two parameters are set to be retrieved from one of X509 certificates in
signature database.
So, in this patch, additional three parameters will be calculated on the
fly when rsa_verify() is called without fdt which should contain
parameters above.
This calculation heavily relies on "big-number (or multi-precision)
library." Therefore some routines from BearSSL under MIT license are
imported in this implementation.
Diffstat (limited to 'configs')
| -rw-r--r-- | configs/sandbox64_defconfig | 1 | ||||
| -rw-r--r-- | configs/sandbox_defconfig | 1 | ||||
| -rw-r--r-- | configs/sandbox_flattree_defconfig | 1 | ||||
| -rw-r--r-- | configs/sandbox_spl_defconfig | 1 |
4 files changed, 4 insertions, 0 deletions
diff --git a/configs/sandbox64_defconfig b/configs/sandbox64_defconfig index d1c94b65a1..fe84cb3b36 100644 --- a/configs/sandbox64_defconfig +++ b/configs/sandbox64_defconfig @@ -200,6 +200,7 @@ CONFIG_WDT_SANDBOX=y CONFIG_FS_CBFS=y CONFIG_FS_CRAMFS=y CONFIG_CMD_DHRYSTONE=y +CONFIG_RSA_VERIFY_WITH_PKEY=y CONFIG_TPM=y CONFIG_LZ4=y CONFIG_ERRNO_STR=y diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig index 45b5475b79..d9a201d386 100644 --- a/configs/sandbox_defconfig +++ b/configs/sandbox_defconfig @@ -226,6 +226,7 @@ CONFIG_WDT_SANDBOX=y CONFIG_FS_CBFS=y CONFIG_FS_CRAMFS=y CONFIG_CMD_DHRYSTONE=y +CONFIG_RSA_VERIFY_WITH_PKEY=y CONFIG_TPM=y CONFIG_LZ4=y CONFIG_ERRNO_STR=y diff --git a/configs/sandbox_flattree_defconfig b/configs/sandbox_flattree_defconfig index 43efefda51..59d34cb5e0 100644 --- a/configs/sandbox_flattree_defconfig +++ b/configs/sandbox_flattree_defconfig @@ -175,6 +175,7 @@ CONFIG_VIDEO_SANDBOX_SDL=y CONFIG_OSD=y CONFIG_SANDBOX_OSD=y CONFIG_CMD_DHRYSTONE=y +CONFIG_RSA_VERIFY_WITH_PKEY=y CONFIG_TPM=y CONFIG_LZ4=y CONFIG_ERRNO_STR=y diff --git a/configs/sandbox_spl_defconfig b/configs/sandbox_spl_defconfig index cb387e744b..53c5bd8a4e 100644 --- a/configs/sandbox_spl_defconfig +++ b/configs/sandbox_spl_defconfig @@ -198,6 +198,7 @@ CONFIG_FS_CBFS=y CONFIG_FS_CRAMFS=y # CONFIG_SPL_USE_TINY_PRINTF is not set CONFIG_CMD_DHRYSTONE=y +CONFIG_RSA_VERIFY_WITH_PKEY=y CONFIG_TPM=y CONFIG_LZ4=y CONFIG_ERRNO_STR=y |