Gitiles
Code Review Sign In
gerrit.devboardsforandroid.linaro.org / platform / external / u-boot / 51c14cd128f4355514397dc3c8647fb14f7d8ff4^! / . / lib
commit51c14cd128f4355514397dc3c8647fb14f7d8ff4[log] [tgz]
authorTeddy Reed <teddy.reed@gmail.com>Thu Jun 09 19:18:44 2016 -0700
committerTom Rini <trini@konsulko.com>Sun Jun 12 13:14:58 2016 -0400
tree75a6855eebbb86d2fe86e07454e5b873c4b3fab5
parent7147a7ebd26fd0037b473343f0db2e2a98d19555 [diff]
verified-boot: Minimal support for booting U-Boot proper from SPL

This allows a board to configure verified boot within the SPL using
a FIT or FIT with external data. It also allows the SPL to perform
signature verification without needing relocation.

The board configuration will need to add the following feature defines:
CONFIG_SPL_CRYPTO_SUPPORT
CONFIG_SPL_HASH_SUPPORT
CONFIG_SPL_SHA256

In this example, SHA256 is the only selected hashing algorithm.

And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=y

Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Acked-by: Simon Glass <sjg@chromium.org>
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Acked-by: Sumit Garg <sumit.garg@nxp.com>

diff --git a/lib/Makefile b/lib/Makefile
index f77befe..f48d901 100644
--- a/lib/Makefile
+++ b/lib/Makefile

@@ -9,7 +9,6 @@
 
 obj-$(CONFIG_EFI) += efi/
 obj-$(CONFIG_EFI_LOADER) += efi_loader/
-obj-$(CONFIG_RSA) += rsa/
 obj-$(CONFIG_LZMA) += lzma/
 obj-$(CONFIG_LZO) += lzo/
 obj-$(CONFIG_ZLIB) += zlib/
@@ -25,8 +24,6 @@
 obj-y += crc16.o
 obj-$(CONFIG_ERRNO_STR) += errno_str.o
 obj-$(CONFIG_FIT) += fdtdec_common.o
-obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec_common.o
-obj-$(CONFIG_$(SPL_)OF_CONTROL) += fdtdec.o
 obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o
 obj-$(CONFIG_GZIP) += gunzip.o
 obj-$(CONFIG_GZIP_COMPRESSED) += gzip.o
@@ -39,15 +36,17 @@
 obj-$(CONFIG_PHYSMEM) += physmem.o
 obj-y += qsort.o
 obj-y += rc4.o
-obj-$(CONFIG_SHA1) += sha1.o
 obj-$(CONFIG_SUPPORT_EMMC_RPMB) += sha256.o
-obj-$(CONFIG_SHA256) += sha256.o
 obj-$(CONFIG_TPM) += tpm.o
 obj-$(CONFIG_RBTREE)	+= rbtree.o
 obj-$(CONFIG_BITREVERSE) += bitrev.o
 obj-y += list_sort.o
 endif
 
+obj-$(CONFIG_$(SPL_)RSA) += rsa/
+obj-$(CONFIG_$(SPL_)SHA1) += sha1.o
+obj-$(CONFIG_$(SPL_)SHA256) += sha256.o
+
 obj-$(CONFIG_$(SPL_)OF_LIBFDT) += libfdt/
 ifdef CONFIG_SPL_OF_CONTROL
 obj-$(CONFIG_OF_LIBFDT) += libfdt/

diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index 86df0a0..09ec358 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig

@@ -13,6 +13,10 @@
 	  option. The software based modular exponentiation is built into
 	  mkimage irrespective of this option.
 
+config SPL_RSA
+	bool "Use RSA Library within SPL"
+	depends on RSA
+
 if RSA
 config RSA_SOFTWARE_EXP
 	bool "Enable driver for RSA Modular Exponentiation in software"

diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile
index 6867e50..4b2c1ba 100644
--- a/lib/rsa/Makefile
+++ b/lib/rsa/Makefile

@@ -7,5 +7,5 @@
 # SPDX-License-Identifier:	GPL-2.0+
 #
 
-obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
+obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
 obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o