rsa: add CONFIG_RSA_VERIFY_WITH_PKEY config In the next couple of commits, under new CONFIG_RSA_VERIFY_WITH_PKEY, rsa_verify() will be extended to be able to perform RSA decryption without additional RSA key properties from FIT image, i.e. rr and n0inv. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>

commit: 1f14f816fc9d64f0be4b54fc0c1dcc8f4a07f974 [log] [tgz]
author: AKASHI Takahiro <takahiro.akashi@linaro.org> Fri Feb 21 15:12:56 2020 +0900
committer: Tom Rini <trini@konsulko.com> Thu Mar 12 08:20:39 2020 -0400
tree: d69501b977b644591d87be04742b9ec6856b3921
parent: 2223c7dcc30104fb25ce8df6552b5c31ef85a216 [diff]
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index 18a075c..8969721 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig

@@ -28,6 +28,20 @@
 	help
 	  Add RSA signature verification support.
 
+config RSA_VERIFY_WITH_PKEY
+	bool "Execute RSA verification without key parameters from FDT"
+	select RSA_VERIFY
+	help
+	  The standard RSA-signature verification code (FIT_SIGNATURE) uses
+	  pre-calculated key properties, that are stored in fdt blob, in
+	  decrypting a signature.
+	  This does not suit the use case where there is no way defined to
+	  provide such additional key properties in standardized form,
+	  particularly UEFI secure boot.
+	  This options enables RSA signature verification with a public key
+	  directly specified in image_sign_info, where all the necessary
+	  key properties will be calculated on the fly in verification code.
+
 config RSA_SOFTWARE_EXP
 	bool "Enable driver for RSA Modular Exponentiation in software"
 	depends on DM
commit	1f14f816fc9d64f0be4b54fc0c1dcc8f4a07f974	[log] [tgz]
author	AKASHI Takahiro <takahiro.akashi@linaro.org>	Fri Feb 21 15:12:56 2020 +0900
committer	Tom Rini <trini@konsulko.com>	Thu Mar 12 08:20:39 2020 -0400
tree	d69501b977b644591d87be04742b9ec6856b3921
parent	2223c7dcc30104fb25ce8df6552b5c31ef85a216 [diff]