diff options
| author | AKASHI Takahiro <takahiro.akashi@linaro.org> | 2020-02-21 15:12:55 +0900 |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2020-03-12 08:20:38 -0400 |
| commit | b983cc2da0bafd73a4dfc069eb3c3a98677e2d92 (patch) | |
| tree | 6ea5e39eb92db6a1c1311876a8df52f267a3aeea /include/image.h | |
| parent | d08b16edf80aa268985b96b2d9e633909734e7c1 (diff) | |
| download | u-boot-b983cc2da0bafd73a4dfc069eb3c3a98677e2d92.zip u-boot-b983cc2da0bafd73a4dfc069eb3c3a98677e2d92.tar.gz u-boot-b983cc2da0bafd73a4dfc069eb3c3a98677e2d92.tar.bz2 | |
lib: rsa: decouple rsa from FIT image verification
Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
RSA functions from FIT verification and allow for adding a RSA-based
signature verification for other file formats, in particular PE file
for UEFI secure boot.
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'include/image.h')
| -rw-r--r-- | include/image.h | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/include/image.h b/include/image.h index 645daee..928d9d5 100644 --- a/include/image.h +++ b/include/image.h @@ -1114,6 +1114,7 @@ int fit_conf_get_prop_node(const void *fit, int noffset, int fit_check_ramdisk(const void *fit, int os_noffset, uint8_t arch, int verify); +#endif /* IMAGE_ENABLE_FIT */ int calculate_hash(const void *data, int data_len, const char *algo, uint8_t *value, int *value_len); @@ -1126,16 +1127,20 @@ int calculate_hash(const void *data, int data_len, const char *algo, # if defined(CONFIG_FIT_SIGNATURE) # define IMAGE_ENABLE_SIGN 1 # define IMAGE_ENABLE_VERIFY 1 +# define FIT_IMAGE_ENABLE_VERIFY 1 # include <openssl/evp.h> # else # define IMAGE_ENABLE_SIGN 0 # define IMAGE_ENABLE_VERIFY 0 +# define FIT_IMAGE_ENABLE_VERIFY 0 # endif #else # define IMAGE_ENABLE_SIGN 0 -# define IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(FIT_SIGNATURE) +# define IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(RSA_VERIFY) +# define FIT_IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(FIT_SIGNATURE) #endif +#if IMAGE_ENABLE_FIT #ifdef USE_HOSTCC void *image_get_host_blob(void); void image_set_host_blob(void *host_blob); @@ -1149,6 +1154,7 @@ void image_set_host_blob(void *host_blob); #else #define IMAGE_ENABLE_BEST_MATCH 0 #endif +#endif /* IMAGE_ENABLE_FIT */ /* Information passed to the signing routines */ struct image_sign_info { @@ -1166,16 +1172,12 @@ struct image_sign_info { const char *engine_id; /* Engine to use for signing */ }; -#endif /* Allow struct image_region to always be defined for rsa.h */ - /* A part of an image, used for hashing */ struct image_region { const void *data; int size; }; -#if IMAGE_ENABLE_FIT - #if IMAGE_ENABLE_VERIFY # include <u-boot/rsa-checksum.h> #endif @@ -1276,6 +1278,8 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name); */ struct padding_algo *image_get_padding_algo(const char *name); +#if IMAGE_ENABLE_FIT + /** * fit_image_verify_required_sigs() - Verify signatures marked as 'required' * |