Ruchika Gupta | d9f23c7 | 2015-01-23 16:01:56 +0530 | [diff] [blame] | 1 | config RSA |
| 2 | bool "Use RSA Library" |
Ricardo Salveti | 7ce8385 | 2021-08-28 10:41:22 +0300 | [diff] [blame] | 3 | select RSA_FREESCALE_EXP if FSL_CAAM && !ARCH_MX7 && !ARCH_MX7ULP && !ARCH_MX6 && !ARCH_MX5 |
Chia-Wei Wang | 89c36cc | 2021-10-27 14:17:30 +0800 | [diff] [blame] | 4 | select RSA_ASPEED_EXP if ASPEED_ACRY |
| 5 | select RSA_SOFTWARE_EXP if !RSA_FREESCALE_EXP && !RSA_ASPEED_EXP |
Ruchika Gupta | d9f23c7 | 2015-01-23 16:01:56 +0530 | [diff] [blame] | 6 | help |
| 7 | RSA support. This enables the RSA algorithm used for FIT image |
| 8 | verification in U-Boot. |
| 9 | See doc/uImage.FIT/signature.txt for more details. |
Simon Glass | 73223f0 | 2016-02-22 22:55:43 -0700 | [diff] [blame] | 10 | The Modular Exponentiation algorithm in RSA is implemented using |
| 11 | driver model. So CONFIG_DM needs to be enabled by default for this |
| 12 | library to function. |
| 13 | The signing part is build into mkimage regardless of this |
| 14 | option. The software based modular exponentiation is built into |
| 15 | mkimage irrespective of this option. |
Ruchika Gupta | d9f23c7 | 2015-01-23 16:01:56 +0530 | [diff] [blame] | 16 | |
Eugeniu Rosca | 39883af | 2018-04-21 14:00:10 +0200 | [diff] [blame] | 17 | if RSA |
| 18 | |
Teddy Reed | 51c14cd | 2016-06-09 19:18:44 -0700 | [diff] [blame] | 19 | config SPL_RSA |
| 20 | bool "Use RSA Library within SPL" |
Teddy Reed | 51c14cd | 2016-06-09 19:18:44 -0700 | [diff] [blame] | 21 | |
AKASHI Takahiro | b983cc2 | 2020-02-21 15:12:55 +0900 | [diff] [blame] | 22 | config SPL_RSA_VERIFY |
| 23 | bool |
Oleksandr Suvorov | d4f05b3 | 2021-09-16 15:03:36 +0300 | [diff] [blame] | 24 | depends on SPL_RSA |
AKASHI Takahiro | b983cc2 | 2020-02-21 15:12:55 +0900 | [diff] [blame] | 25 | help |
| 26 | Add RSA signature verification support in SPL. |
| 27 | |
| 28 | config RSA_VERIFY |
| 29 | bool |
| 30 | help |
| 31 | Add RSA signature verification support. |
| 32 | |
AKASHI Takahiro | dd89f5b | 2020-02-21 15:12:56 +0900 | [diff] [blame] | 33 | config RSA_VERIFY_WITH_PKEY |
| 34 | bool "Execute RSA verification without key parameters from FDT" |
| 35 | select RSA_VERIFY |
AKASHI Takahiro | e0d310b | 2020-02-21 15:12:58 +0900 | [diff] [blame] | 36 | select ASYMMETRIC_KEY_TYPE |
| 37 | select ASYMMETRIC_PUBLIC_KEY_SUBTYPE |
| 38 | select RSA_PUBLIC_KEY_PARSER |
AKASHI Takahiro | dd89f5b | 2020-02-21 15:12:56 +0900 | [diff] [blame] | 39 | help |
| 40 | The standard RSA-signature verification code (FIT_SIGNATURE) uses |
| 41 | pre-calculated key properties, that are stored in fdt blob, in |
| 42 | decrypting a signature. |
| 43 | This does not suit the use case where there is no way defined to |
| 44 | provide such additional key properties in standardized form, |
| 45 | particularly UEFI secure boot. |
| 46 | This options enables RSA signature verification with a public key |
| 47 | directly specified in image_sign_info, where all the necessary |
| 48 | key properties will be calculated on the fly in verification code. |
| 49 | |
Philippe Reynes | f6bacf1 | 2022-03-28 22:56:58 +0200 | [diff] [blame] | 50 | config SPL_RSA_VERIFY_WITH_PKEY |
| 51 | bool "Execute RSA verification without key parameters from FDT within SPL" |
| 52 | depends on SPL |
| 53 | select SPL_RSA_VERIFY |
| 54 | select SPL_ASYMMETRIC_KEY_TYPE |
| 55 | select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE |
| 56 | select SPL_RSA_PUBLIC_KEY_PARSER |
| 57 | help |
| 58 | The standard RSA-signature verification code (FIT_SIGNATURE) uses |
| 59 | pre-calculated key properties, that are stored in fdt blob, in |
| 60 | decrypting a signature. |
| 61 | This does not suit the use case where there is no way defined to |
| 62 | provide such additional key properties in standardized form, |
| 63 | particularly UEFI secure boot. |
| 64 | This options enables RSA signature verification with a public key |
| 65 | directly specified in image_sign_info, where all the necessary |
| 66 | key properties will be calculated on the fly in verification code |
| 67 | in the SPL. |
| 68 | |
Ruchika Gupta | d9f23c7 | 2015-01-23 16:01:56 +0530 | [diff] [blame] | 69 | config RSA_SOFTWARE_EXP |
| 70 | bool "Enable driver for RSA Modular Exponentiation in software" |
Eugeniu Rosca | 39883af | 2018-04-21 14:00:10 +0200 | [diff] [blame] | 71 | depends on DM |
Ruchika Gupta | d9f23c7 | 2015-01-23 16:01:56 +0530 | [diff] [blame] | 72 | help |
| 73 | Enables driver for modular exponentiation in software. This is a RSA |
| 74 | algorithm used in FIT image verification. It required RSA Key as |
| 75 | input. |
| 76 | See doc/uImage.FIT/signature.txt for more details. |
| 77 | |
| 78 | config RSA_FREESCALE_EXP |
| 79 | bool "Enable RSA Modular Exponentiation with FSL crypto accelerator" |
Ricardo Salveti | 7ce8385 | 2021-08-28 10:41:22 +0300 | [diff] [blame] | 80 | depends on DM && FSL_CAAM && !ARCH_MX7 && !ARCH_MX7ULP && !ARCH_MX6 && !ARCH_MX5 |
Ruchika Gupta | d9f23c7 | 2015-01-23 16:01:56 +0530 | [diff] [blame] | 81 | help |
| 82 | Enables driver for RSA modular exponentiation using Freescale cryptographic |
| 83 | accelerator - CAAM. |
| 84 | |
Chia-Wei Wang | 89c36cc | 2021-10-27 14:17:30 +0800 | [diff] [blame] | 85 | config RSA_ASPEED_EXP |
| 86 | bool "Enable RSA Modular Exponentiation with ASPEED crypto accelerator" |
| 87 | depends on DM && ASPEED_ACRY |
| 88 | help |
| 89 | Enables driver for RSA modular exponentiation using ASPEED cryptographic |
| 90 | accelerator - ACRY |
| 91 | |
Ruchika Gupta | d9f23c7 | 2015-01-23 16:01:56 +0530 | [diff] [blame] | 92 | endif |