1config RSA 2 bool "Use RSA Library" 3 select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX7ULP && !ARCH_MX6 && !ARCH_MX5 4 select RSA_ASPEED_EXP if ASPEED_ACRY 5 select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP && !RSA_ASPEED_EXP 6 help 7 RSA support. This enables the RSA algorithm used for FIT image 8 verification in U-Boot. 9 See doc/uImage.FIT/signature.txt for more details. 10 The Modular Exponentiation algorithm in RSA is implemented using 11 driver model. So CONFIG_DM needs to be enabled by default for this 12 library to function. 13 The signing part is build into mkimage regardless of this 14 option. The software based modular exponentiation is built into 15 mkimage irrespective of this option. 16 17if RSA 18 19config SPL_RSA 20 bool "Use RSA Library within SPL" 21 depends on SPL 22 23config SPL_RSA_VERIFY 24 bool 25 depends on SPL_RSA 26 help 27 Add RSA signature verification support in SPL. 28 29config RSA_VERIFY 30 bool 31 help 32 Add RSA signature verification support. 33 34config RSA_VERIFY_WITH_PKEY 35 bool "Execute RSA verification without key parameters from FDT" 36 select RSA_VERIFY 37 select ASYMMETRIC_KEY_TYPE 38 select ASYMMETRIC_PUBLIC_KEY_SUBTYPE 39 select RSA_PUBLIC_KEY_PARSER 40 help 41 The standard RSA-signature verification code (FIT_SIGNATURE) uses 42 pre-calculated key properties, that are stored in fdt blob, in 43 decrypting a signature. 44 This does not suit the use case where there is no way defined to 45 provide such additional key properties in standardized form, 46 particularly UEFI secure boot. 47 This options enables RSA signature verification with a public key 48 directly specified in image_sign_info, where all the necessary 49 key properties will be calculated on the fly in verification code. 50 51config SPL_RSA_VERIFY_WITH_PKEY 52 bool "Execute RSA verification without key parameters from FDT within SPL" 53 depends on SPL 54 select SPL_RSA_VERIFY 55 select SPL_ASYMMETRIC_KEY_TYPE 56 select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE 57 select SPL_RSA_PUBLIC_KEY_PARSER 58 help 59 The standard RSA-signature verification code (FIT_SIGNATURE) uses 60 pre-calculated key properties, that are stored in fdt blob, in 61 decrypting a signature. 62 This does not suit the use case where there is no way defined to 63 provide such additional key properties in standardized form, 64 particularly UEFI secure boot. 65 This options enables RSA signature verification with a public key 66 directly specified in image_sign_info, where all the necessary 67 key properties will be calculated on the fly in verification code 68 in the SPL. 69 70config RSA_SOFTWARE_EXP 71 bool "Enable driver for RSA Modular Exponentiation in software" 72 depends on DM 73 help 74 Enables driver for modular exponentiation in software. This is a RSA 75 algorithm used in FIT image verification. It required RSA Key as 76 input. 77 See doc/uImage.FIT/signature.txt for more details. 78 79config RSA_FREESCALE_EXP 80 bool "Enable RSA Modular Exponentiation with FSL crypto accelerator" 81 depends on DM && FSL_CAAM && !ARCH_MX7 && !ARCH_MX7ULP && !ARCH_MX6 && !ARCH_MX5 82 help 83 Enables driver for RSA modular exponentiation using Freescale cryptographic 84 accelerator - CAAM. 85 86config RSA_ASPEED_EXP 87 bool "Enable RSA Modular Exponentiation with ASPEED crypto accelerator" 88 depends on DM && ASPEED_ACRY 89 help 90 Enables driver for RSA modular exponentiation using ASPEED cryptographic 91 accelerator - ACRY 92 93endif 94