On Thu, Nov 21, 2019 at 09:11:16AM +0900, AKASHI Takahiro wrote:

> Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building
> RSA functions from FIT verification and allow for adding a RSA-based
> signature verification for other file formats, in particular PE file
> for UEFI secure boot.
>
> Signed-off-by: AKASHI Takahiro <takahiro.aka...@linaro.org>
> Reviewed-by: Simon Glass <s...@chromium.org>
> ---
>  Kconfig                |   1 +
>  common/Makefile        |   3 +-
>  common/image-fit-sig.c | 417 +++++++++++++++++++++++++++++++++++++++++
>  common/image-fit.c     |   6 +-
>  common/image-sig.c     | 396 --------------------------------------
>  include/image.h        |  13 +-
>  lib/rsa/Kconfig        |  12 ++
>  lib/rsa/Makefile       |   2 +-
>  lib/rsa/rsa-verify.c   |  78 +++++---
>  tools/Makefile         |   2 +-
>  10 files changed, 493 insertions(+), 437 deletions(-)
>  create mode 100644 common/image-fit-sig.c

OK, the way this works today we see things like:

T1042RDB_PI_NAND_SECURE_BOOT: all +706 data +88 rodata +58 spl/u-boot-spl:all +704 spl/u-boot-spl:data +144 spl/u-boot-spl:text +560 text +560
   u-boot: add: 8/0, grow: 0/0 bytes: 584/0 (584)
     function                     old     new   delta
     hash_calculate                 -     192    +192
     padding_pkcs_15_verify         -     184    +184
     rsa_verify                     -     104    +104
     crypto_algos                   -      40     +40
     checksum_algos                 -      40     +40
     rsa_sign                       -       8      +8
     rsa_add_verify_data            -       8      +8
     padding_algos                  -       8      +8
   spl-u-boot-spl: add: 10/0, grow: 0/0 bytes: 618/0 (618)
     function                     old     new   delta
     hash_calculate                 -     192    +192
     padding_pkcs_15_verify         -     184    +184
     rsa_verify                     -     104    +104
     crypto_algos                   -      40     +40
     checksum_algos                 -      40     +40
     sha256_der_prefix              -      19     +19
     sha1_der_prefix                -      15     +15
     rsa_sign                       -       8      +8
     rsa_add_verify_data            -       8      +8
     padding_algos                  -       8      +8

Which seems wrong, we should be making any changes here opt-in, yes?
Thanks!

--
Tom