Cross Reference: /u-boot/lib/rsa/Kconfig

History log of /u-boot/lib/rsa/Kconfig
Revision	Date	Author	Comments (<<< Hide modified files) (Show modified files >>>)
# b340199f	10-Jun-2022	Tom Rini <trini@konsulko.com>	spl: Ensure all SPL symbols in Kconfig have some SPL dependency Tighten up symbol dependencies in a number of places. Ensure that a SPL specific option has at least a direct dependency on SPL. In places where it's clear that we depend on something more specific, use that dependency instead. This means in a very small number of places we can drop redundant dependencies. Reported-by: Pali Rohár <pali@kernel.org> Signed-off-by: Tom Rini <trini@konsulko.com> /u-boot/lib/rsa/Kconfig
# f6bacf1d	28-Mar-2022	Philippe Reynes <philippe.reynes@softathome.com>	lib: rsa: allow rsa verify with pkey in SPL This commit adds the option SPL_RSA_VERIFY_WITH_PKEY. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> /u-boot/lib/rsa/Kconfig
# 89c36cca	27-Oct-2021	Chia-Wei Wang <chiawei_wang@aspeedtech.com>	crypto: aspeed: Add AST2600 ACRY support ACRY is designed to accelerate ECC/RSA digital signature generation and verification. Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com> /u-boot/lib/rsa/Kconfig
# 7ce83854	28-Aug-2021	Ricardo Salveti <ricardo@foundries.io>	Kconfig: Don't use RSA_FREESCALE_EXP on MX7ULP The CAAM on IMX7ULP doesn't support public key hardware acceleration (PKHA), as in other NXP parts. Disable RSA_FREESCALE_EXP for IMX7ULP too. Fixed: f4e9ff7135 ("Kconfig: Don't use RSA_FREESCALE_EXP on IMX") Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> /u-boot/lib/rsa/Kconfig
# d4f05b31	16-Sep-2021	Oleksandr Suvorov <oleksandr.suvorov@foundries.io>	lib: rsa: fix dependency for SPL_RSA_VERIFY SPL_RSA_VERIFY requires SPL_RSA to be enabled. Add correct dependency. Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> /u-boot/lib/rsa/Kconfig
# e0d310b0	20-Feb-2020	AKASHI Takahiro <takahiro.akashi@linaro.org>	lib: rsa: generate additional parameters for public key In the current implementation of FIT_SIGNATURE, five parameters for a RSA public key are required while only two of them are essential. (See rsa-mod-exp.h and uImage.FIT/signature.txt) This is a result of considering relatively limited computer power and resources on embedded systems, while such a assumption may not be quite practical for other use cases. In this patch, added is a function, rsa_gen_key_prop(), which will generate additional parameters for other uses, in particular UEFI secure boot, on the fly. Note: the current code uses some "big number" routines from BearSSL for the calculation. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> /u-boot/lib/rsa/Kconfig
# dd89f5b0	20-Feb-2020	AKASHI Takahiro <takahiro.akashi@linaro.org>	rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY, rsa_verify() will be extended to be able to perform RSA decryption without additional RSA key properties from FIT image, i.e. rr and n0inv. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> /u-boot/lib/rsa/Kconfig
# b983cc2d	20-Feb-2020	AKASHI Takahiro <takahiro.akashi@linaro.org>	lib: rsa: decouple rsa from FIT image verification Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building RSA functions from FIT verification and allow for adding a RSA-based signature verification for other file formats, in particular PE file for UEFI secure boot. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> /u-boot/lib/rsa/Kconfig
# 39883af3	21-Apr-2018	Eugeniu Rosca <roscaeugeniu@gmail.com>	lib/rsa: Kconfig: Remove superfluous 'depends on RSA' RSA_SOFTWARE_EXP and RSA_FREESCALE_EXP are wrapped inside: if RSA ... endif So, remove the redundant "depends on RSA" from their depends expression. In addition, move SPL_RSA into the same "if RSA ... endif" block, since its only direct dependeny is CONFIG_RSA. This tidies up and simplifies reading of lib/rsa/Kconfig. No functional change intended. Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com> Reviewed-by: Simon Glass <sjg@chromium.org> /u-boot/lib/rsa/Kconfig
# f4e9ff71	16-Mar-2017	George McCollister <george.mccollister@gmail.com>	Kconfig: Don't use RSA_FREESCALE_EXP on IMX The CAAM in IMX parts doesn't support public key hardware acceleration (PKHA), so don't use RSA_FREESCALE_EXP. If you try to use it on IMX (assuming you have the clocks enabled first) you will get back an "Invalid KEY Command" error since PKHA isn't a valid key destination for these parts. Signed-off-by: George McCollister <george.mccollister@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> /u-boot/lib/rsa/Kconfig
# 51c14cd1	09-Jun-2016	Teddy Reed <teddy.reed@gmail.com>	verified-boot: Minimal support for booting U-Boot proper from SPL This allows a board to configure verified boot within the SPL using a FIT or FIT with external data. It also allows the SPL to perform signature verification without needing relocation. The board configuration will need to add the following feature defines: CONFIG_SPL_CRYPTO_SUPPORT CONFIG_SPL_HASH_SUPPORT CONFIG_SPL_SHA256 In this example, SHA256 is the only selected hashing algorithm. And the following booleans: CONFIG_SPL=y CONFIG_SPL_DM=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT=y CONFIG_SPL_OF_CONTROL=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_FIT_SIGNATURE=y Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Acked-by: Simon Glass <sjg@chromium.org> Acked-by: Andreas Dannenberg <dannenberg@ti.com> Acked-by: Sumit Garg <sumit.garg@nxp.com> /u-boot/lib/rsa/Kconfig
# 73223f0e	22-Feb-2016	Simon Glass <sjg@chromium.org>	Kconfig: Move CONFIG_FIT and related options to Kconfig There are already two FIT options in Kconfig but the CONFIG options are still in the header files. We need to do a proper move to fix this. Move these options to Kconfig and tidy up board configuration: CONFIG_FIT CONFIG_OF_BOARD_SETUP CONFIG_OF_SYSTEM_SETUP CONFIG_FIT_SIGNATURE CONFIG_FIT_BEST_MATCH CONFIG_FIT_VERBOSE CONFIG_OF_STDOUT_VIA_ALIAS CONFIG_RSA Unfortunately the first one is a little complicated. We need to make sure this option is not enabled in SPL by this change. Also this option is enabled automatically in the host builds by defining CONFIG_FIT in the image.h file. To solve this, add a new IMAGE_USE_FIT #define which can be used in files that are built on the host but must also build for U-Boot and SPL. Note: Masahiro's moveconfig.py script is amazing. Signed-off-by: Simon Glass <sjg@chromium.org> [trini: Add microblaze change, various configs/ re-applies] Signed-off-by: Tom Rini <trini@konsulko.com> /u-boot/lib/rsa/Kconfig
# d9f23c7f	23-Jan-2015	Ruchika Gupta <ruchika.gupta@nxp.com>	lib/rsa: Add Kconfig for devices supporting RSA Modular Exponentiation Kconfig option added for devices which support RSA Verification. 1. RSA_SOFTWARE_EXP Enables driver for supporting RSA Modular Exponentiation in Software 2. RSA_FREESCALE_EXP Enables driver for supporting RSA Modular Exponentiation using Freescale specific driver The above drivers use RSA uclass Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Glass <sjg@chromium.org> (Removed duplicate line in Kconfig comment) Change-Id: I7663c4d5350e2bfc3dfa2696f70ef777d6ccc6f6 /u-boot/lib/rsa/Kconfig
# f6bacf1d	28-Mar-2022	Philippe Reynes <philippe.reynes@softathome.com>	lib: rsa: allow rsa verify with pkey in SPL This commit adds the option SPL_RSA_VERIFY_WITH_PKEY. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> /u-boot/lib/rsa/Kconfig
# 89c36cca	27-Oct-2021	Chia-Wei Wang <chiawei_wang@aspeedtech.com>	crypto: aspeed: Add AST2600 ACRY support ACRY is designed to accelerate ECC/RSA digital signature generation and verification. Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com> /u-boot/lib/rsa/Kconfig
# 7ce83854	28-Aug-2021	Ricardo Salveti <ricardo@foundries.io>	Kconfig: Don't use RSA_FREESCALE_EXP on MX7ULP The CAAM on IMX7ULP doesn't support public key hardware acceleration (PKHA), as in other NXP parts. Disable RSA_FREESCALE_EXP for IMX7ULP too. Fixed: f4e9ff7135 ("Kconfig: Don't use RSA_FREESCALE_EXP on IMX") Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> /u-boot/lib/rsa/Kconfig
# d4f05b31	16-Sep-2021	Oleksandr Suvorov <oleksandr.suvorov@foundries.io>	lib: rsa: fix dependency for SPL_RSA_VERIFY SPL_RSA_VERIFY requires SPL_RSA to be enabled. Add correct dependency. Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> /u-boot/lib/rsa/Kconfig
# e0d310b0	20-Feb-2020	AKASHI Takahiro <takahiro.akashi@linaro.org>	lib: rsa: generate additional parameters for public key In the current implementation of FIT_SIGNATURE, five parameters for a RSA public key are required while only two of them are essential. (See rsa-mod-exp.h and uImage.FIT/signature.txt) This is a result of considering relatively limited computer power and resources on embedded systems, while such a assumption may not be quite practical for other use cases. In this patch, added is a function, rsa_gen_key_prop(), which will generate additional parameters for other uses, in particular UEFI secure boot, on the fly. Note: the current code uses some "big number" routines from BearSSL for the calculation. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> /u-boot/lib/rsa/Kconfig
# dd89f5b0	20-Feb-2020	AKASHI Takahiro <takahiro.akashi@linaro.org>	rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY, rsa_verify() will be extended to be able to perform RSA decryption without additional RSA key properties from FIT image, i.e. rr and n0inv. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> /u-boot/lib/rsa/Kconfig
# b983cc2d	20-Feb-2020	AKASHI Takahiro <takahiro.akashi@linaro.org>	lib: rsa: decouple rsa from FIT image verification Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building RSA functions from FIT verification and allow for adding a RSA-based signature verification for other file formats, in particular PE file for UEFI secure boot. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> /u-boot/lib/rsa/Kconfig
# 39883af3	21-Apr-2018	Eugeniu Rosca <roscaeugeniu@gmail.com>	lib/rsa: Kconfig: Remove superfluous 'depends on RSA' RSA_SOFTWARE_EXP and RSA_FREESCALE_EXP are wrapped inside: if RSA ... endif So, remove the redundant "depends on RSA" from their depends expression. In addition, move SPL_RSA into the same "if RSA ... endif" block, since its only direct dependeny is CONFIG_RSA. This tidies up and simplifies reading of lib/rsa/Kconfig. No functional change intended. Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com> Reviewed-by: Simon Glass <sjg@chromium.org> /u-boot/lib/rsa/Kconfig
# f4e9ff71	16-Mar-2017	George McCollister <george.mccollister@gmail.com>	Kconfig: Don't use RSA_FREESCALE_EXP on IMX The CAAM in IMX parts doesn't support public key hardware acceleration (PKHA), so don't use RSA_FREESCALE_EXP. If you try to use it on IMX (assuming you have the clocks enabled first) you will get back an "Invalid KEY Command" error since PKHA isn't a valid key destination for these parts. Signed-off-by: George McCollister <george.mccollister@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> /u-boot/lib/rsa/Kconfig
# 51c14cd1	09-Jun-2016	Teddy Reed <teddy.reed@gmail.com>	verified-boot: Minimal support for booting U-Boot proper from SPL This allows a board to configure verified boot within the SPL using a FIT or FIT with external data. It also allows the SPL to perform signature verification without needing relocation. The board configuration will need to add the following feature defines: CONFIG_SPL_CRYPTO_SUPPORT CONFIG_SPL_HASH_SUPPORT CONFIG_SPL_SHA256 In this example, SHA256 is the only selected hashing algorithm. And the following booleans: CONFIG_SPL=y CONFIG_SPL_DM=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT=y CONFIG_SPL_OF_CONTROL=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_FIT_SIGNATURE=y Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Acked-by: Simon Glass <sjg@chromium.org> Acked-by: Andreas Dannenberg <dannenberg@ti.com> Acked-by: Sumit Garg <sumit.garg@nxp.com> /u-boot/lib/rsa/Kconfig
# 73223f0e	22-Feb-2016	Simon Glass <sjg@chromium.org>	Kconfig: Move CONFIG_FIT and related options to Kconfig There are already two FIT options in Kconfig but the CONFIG options are still in the header files. We need to do a proper move to fix this. Move these options to Kconfig and tidy up board configuration: CONFIG_FIT CONFIG_OF_BOARD_SETUP CONFIG_OF_SYSTEM_SETUP CONFIG_FIT_SIGNATURE CONFIG_FIT_BEST_MATCH CONFIG_FIT_VERBOSE CONFIG_OF_STDOUT_VIA_ALIAS CONFIG_RSA Unfortunately the first one is a little complicated. We need to make sure this option is not enabled in SPL by this change. Also this option is enabled automatically in the host builds by defining CONFIG_FIT in the image.h file. To solve this, add a new IMAGE_USE_FIT #define which can be used in files that are built on the host but must also build for U-Boot and SPL. Note: Masahiro's moveconfig.py script is amazing. Signed-off-by: Simon Glass <sjg@chromium.org> [trini: Add microblaze change, various configs/ re-applies] Signed-off-by: Tom Rini <trini@konsulko.com> /u-boot/lib/rsa/Kconfig
# d9f23c7f	23-Jan-2015	Ruchika Gupta <ruchika.gupta@nxp.com>	lib/rsa: Add Kconfig for devices supporting RSA Modular Exponentiation Kconfig option added for devices which support RSA Verification. 1. RSA_SOFTWARE_EXP Enables driver for supporting RSA Modular Exponentiation in Software 2. RSA_FREESCALE_EXP Enables driver for supporting RSA Modular Exponentiation using Freescale specific driver The above drivers use RSA uclass Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Glass <sjg@chromium.org> (Removed duplicate line in Kconfig comment) Change-Id: I7663c4d5350e2bfc3dfa2696f70ef777d6ccc6f6 /u-boot/lib/rsa/Kconfig
# 89c36cca	27-Oct-2021	Chia-Wei Wang <chiawei_wang@aspeedtech.com>	crypto: aspeed: Add AST2600 ACRY support ACRY is designed to accelerate ECC/RSA digital signature generation and verification. Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com> /u-boot/lib/rsa/Kconfig
# 7ce83854	28-Aug-2021	Ricardo Salveti <ricardo@foundries.io>	Kconfig: Don't use RSA_FREESCALE_EXP on MX7ULP The CAAM on IMX7ULP doesn't support public key hardware acceleration (PKHA), as in other NXP parts. Disable RSA_FREESCALE_EXP for IMX7ULP too. Fixed: f4e9ff7135 ("Kconfig: Don't use RSA_FREESCALE_EXP on IMX") Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> /u-boot/lib/rsa/Kconfig
# d4f05b31	16-Sep-2021	Oleksandr Suvorov <oleksandr.suvorov@foundries.io>	lib: rsa: fix dependency for SPL_RSA_VERIFY SPL_RSA_VERIFY requires SPL_RSA to be enabled. Add correct dependency. Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> /u-boot/lib/rsa/Kconfig
# e0d310b0	20-Feb-2020	AKASHI Takahiro <takahiro.akashi@linaro.org>	lib: rsa: generate additional parameters for public key In the current implementation of FIT_SIGNATURE, five parameters for a RSA public key are required while only two of them are essential. (See rsa-mod-exp.h and uImage.FIT/signature.txt) This is a result of considering relatively limited computer power and resources on embedded systems, while such a assumption may not be quite practical for other use cases. In this patch, added is a function, rsa_gen_key_prop(), which will generate additional parameters for other uses, in particular UEFI secure boot, on the fly. Note: the current code uses some "big number" routines from BearSSL for the calculation. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> /u-boot/lib/rsa/Kconfig
# dd89f5b0	20-Feb-2020	AKASHI Takahiro <takahiro.akashi@linaro.org>	rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY, rsa_verify() will be extended to be able to perform RSA decryption without additional RSA key properties from FIT image, i.e. rr and n0inv. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> /u-boot/lib/rsa/Kconfig
# b983cc2d	20-Feb-2020	AKASHI Takahiro <takahiro.akashi@linaro.org>	lib: rsa: decouple rsa from FIT image verification Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building RSA functions from FIT verification and allow for adding a RSA-based signature verification for other file formats, in particular PE file for UEFI secure boot. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> /u-boot/lib/rsa/Kconfig
# 39883af3	21-Apr-2018	Eugeniu Rosca <roscaeugeniu@gmail.com>	lib/rsa: Kconfig: Remove superfluous 'depends on RSA' RSA_SOFTWARE_EXP and RSA_FREESCALE_EXP are wrapped inside: if RSA ... endif So, remove the redundant "depends on RSA" from their depends expression. In addition, move SPL_RSA into the same "if RSA ... endif" block, since its only direct dependeny is CONFIG_RSA. This tidies up and simplifies reading of lib/rsa/Kconfig. No functional change intended. Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com> Reviewed-by: Simon Glass <sjg@chromium.org> /u-boot/lib/rsa/Kconfig
# f4e9ff71	16-Mar-2017	George McCollister <george.mccollister@gmail.com>	Kconfig: Don't use RSA_FREESCALE_EXP on IMX The CAAM in IMX parts doesn't support public key hardware acceleration (PKHA), so don't use RSA_FREESCALE_EXP. If you try to use it on IMX (assuming you have the clocks enabled first) you will get back an "Invalid KEY Command" error since PKHA isn't a valid key destination for these parts. Signed-off-by: George McCollister <george.mccollister@gmail.com> Reviewed-by: Tom Rini <trini@konsulko.com> /u-boot/lib/rsa/Kconfig
# 51c14cd1	09-Jun-2016	Teddy Reed <teddy.reed@gmail.com>	verified-boot: Minimal support for booting U-Boot proper from SPL This allows a board to configure verified boot within the SPL using a FIT or FIT with external data. It also allows the SPL to perform signature verification without needing relocation. The board configuration will need to add the following feature defines: CONFIG_SPL_CRYPTO_SUPPORT CONFIG_SPL_HASH_SUPPORT CONFIG_SPL_SHA256 In this example, SHA256 is the only selected hashing algorithm. And the following booleans: CONFIG_SPL=y CONFIG_SPL_DM=y CONFIG_SPL_LOAD_FIT=y CONFIG_SPL_FIT=y CONFIG_SPL_OF_CONTROL=y CONFIG_SPL_OF_LIBFDT=y CONFIG_SPL_FIT_SIGNATURE=y Signed-off-by: Teddy Reed <teddy.reed@gmail.com> Acked-by: Simon Glass <sjg@chromium.org> Acked-by: Andreas Dannenberg <dannenberg@ti.com> Acked-by: Sumit Garg <sumit.garg@nxp.com> /u-boot/lib/rsa/Kconfig
# 73223f0e	22-Feb-2016	Simon Glass <sjg@chromium.org>	Kconfig: Move CONFIG_FIT and related options to Kconfig There are already two FIT options in Kconfig but the CONFIG options are still in the header files. We need to do a proper move to fix this. Move these options to Kconfig and tidy up board configuration: CONFIG_FIT CONFIG_OF_BOARD_SETUP CONFIG_OF_SYSTEM_SETUP CONFIG_FIT_SIGNATURE CONFIG_FIT_BEST_MATCH CONFIG_FIT_VERBOSE CONFIG_OF_STDOUT_VIA_ALIAS CONFIG_RSA Unfortunately the first one is a little complicated. We need to make sure this option is not enabled in SPL by this change. Also this option is enabled automatically in the host builds by defining CONFIG_FIT in the image.h file. To solve this, add a new IMAGE_USE_FIT #define which can be used in files that are built on the host but must also build for U-Boot and SPL. Note: Masahiro's moveconfig.py script is amazing. Signed-off-by: Simon Glass <sjg@chromium.org> [trini: Add microblaze change, various configs/ re-applies] Signed-off-by: Tom Rini <trini@konsulko.com> /u-boot/lib/rsa/Kconfig
# d9f23c7f	23-Jan-2015	Ruchika Gupta <ruchika.gupta@nxp.com>	lib/rsa: Add Kconfig for devices supporting RSA Modular Exponentiation Kconfig option added for devices which support RSA Verification. 1. RSA_SOFTWARE_EXP Enables driver for supporting RSA Modular Exponentiation in Software 2. RSA_FREESCALE_EXP Enables driver for supporting RSA Modular Exponentiation using Freescale specific driver The above drivers use RSA uclass Signed-off-by: Ruchika Gupta <ruchika.gupta@freescale.com> CC: Simon Glass <sjg@chromium.org> Acked-by: Simon Glass <sjg@chromium.org> Signed-off-by: Simon Glass <sjg@chromium.org> (Removed duplicate line in Kconfig comment) Change-Id: I7663c4d5350e2bfc3dfa2696f70ef777d6ccc6f6 /u-boot/lib/rsa/Kconfig
# 7ce83854	28-Aug-2021	Ricardo Salveti <ricardo@foundries.io>	Kconfig: Don't use RSA_FREESCALE_EXP on MX7ULP The CAAM on IMX7ULP doesn't support public key hardware acceleration (PKHA), as in other NXP parts. Disable RSA_FREESCALE_EXP for IMX7ULP too. Fixed: f4e9ff7135 ("Kconfig: Don't use RSA_FREESCALE_EXP on IMX") Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> /u-boot/lib/rsa/Kconfig
# d4f05b31	16-Sep-2021	Oleksandr Suvorov <oleksandr.suvorov@foundries.io>	lib: rsa: fix dependency for SPL_RSA_VERIFY SPL_RSA_VERIFY requires SPL_RSA to be enabled. Add correct dependency. Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> /u-boot/lib/rsa/Kconfig
# e0d310b0	20-Feb-2020	AKASHI Takahiro <takahiro.akashi@linaro.org>	lib: rsa: generate additional parameters for public key In the current implementation of FIT_SIGNATURE, five parameters for a RSA public key are required while only two of them are essential. (See rsa-mod-exp.h and uImage.FIT/signature.txt) This is a result of considering relatively limited computer power and resources on embedded systems, while such a assumption may not be quite practical for other use cases. In this patch, added is a function, rsa_gen_key_prop(), which will generate additional parameters for other uses, in particular UEFI secure boot, on the fly. Note: the current code uses some "big number" routines from BearSSL for the calculation. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> /u-boot/lib/rsa/Kconfig
# dd89f5b0	20-Feb-2020	AKASHI Takahiro <takahiro.akashi@linaro.org>	rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY, rsa_verify() will be extended to be able to perform RSA decryption without additional RSA key properties from FIT image, i.e. rr and n0inv. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> /u-boot/lib/rsa/Kconfig