1config RSA
2	bool "Use RSA Library"
3	select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX7ULP && !ARCH_MX6 && !ARCH_MX5
4	select RSA_ASPEED_EXP if ASPEED_ACRY
5	select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP && !RSA_ASPEED_EXP
6	help
7	  RSA support. This enables the RSA algorithm used for FIT image
8	  verification in U-Boot.
9	  See doc/uImage.FIT/signature.txt for more details.
10	  The Modular Exponentiation algorithm in RSA is implemented using
11	  driver model. So CONFIG_DM needs to be enabled by default for this
12	  library to function.
13	  The signing part is build into mkimage regardless of this
14	  option. The software based modular exponentiation is built into
15	  mkimage irrespective of this option.
16
17if RSA
18
19config SPL_RSA
20	bool "Use RSA Library within SPL"
21	depends on SPL
22
23config SPL_RSA_VERIFY
24	bool
25	depends on SPL_RSA
26	help
27	  Add RSA signature verification support in SPL.
28
29config RSA_VERIFY
30	bool
31	help
32	  Add RSA signature verification support.
33
34config RSA_VERIFY_WITH_PKEY
35	bool "Execute RSA verification without key parameters from FDT"
36	select RSA_VERIFY
37	select ASYMMETRIC_KEY_TYPE
38	select ASYMMETRIC_PUBLIC_KEY_SUBTYPE
39	select RSA_PUBLIC_KEY_PARSER
40	help
41	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
42	  pre-calculated key properties, that are stored in fdt blob, in
43	  decrypting a signature.
44	  This does not suit the use case where there is no way defined to
45	  provide such additional key properties in standardized form,
46	  particularly UEFI secure boot.
47	  This options enables RSA signature verification with a public key
48	  directly specified in image_sign_info, where all the necessary
49	  key properties will be calculated on the fly in verification code.
50
51config SPL_RSA_VERIFY_WITH_PKEY
52	bool "Execute RSA verification without key parameters from FDT within SPL"
53	depends on SPL
54	select SPL_RSA_VERIFY
55	select SPL_ASYMMETRIC_KEY_TYPE
56	select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
57	select SPL_RSA_PUBLIC_KEY_PARSER
58	help
59	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
60	  pre-calculated key properties, that are stored in fdt blob, in
61	  decrypting a signature.
62	  This does not suit the use case where there is no way defined to
63	  provide such additional key properties in standardized form,
64	  particularly UEFI secure boot.
65	  This options enables RSA signature verification with a public key
66	  directly specified in image_sign_info, where all the necessary
67	  key properties will be calculated on the fly in verification code
68	  in the SPL.
69
70config RSA_SOFTWARE_EXP
71	bool "Enable driver for RSA Modular Exponentiation in software"
72	depends on DM
73	help
74	  Enables driver for modular exponentiation in software. This is a RSA
75	  algorithm used in FIT image verification. It required RSA Key as
76	  input.
77	  See doc/uImage.FIT/signature.txt for more details.
78
79config RSA_FREESCALE_EXP
80	bool "Enable RSA Modular Exponentiation with FSL crypto accelerator"
81	depends on DM && FSL_CAAM && !ARCH_MX7 && !ARCH_MX7ULP && !ARCH_MX6 && !ARCH_MX5
82	help
83	Enables driver for RSA modular exponentiation using Freescale cryptographic
84	accelerator - CAAM.
85
86config RSA_ASPEED_EXP
87	bool "Enable RSA Modular Exponentiation with ASPEED crypto accelerator"
88	depends on DM && ASPEED_ACRY
89	help
90	Enables driver for RSA modular exponentiation using ASPEED cryptographic
91	accelerator - ACRY
92
93endif
94