Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 9b51ddc156cc6f0f95e3805c513f8344c5dfccd7 / . / lib / mbedtls / Kconfig
blob: 789721ee6cde0ad4849fef376d6a9ad00ef8a1dd [file] [log] [blame]
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]1# For U-Boot Proper
2
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]3choice
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]4 prompt "Crypto libraries (U-Boot Proper)"
5 default LEGACY_HASHING_AND_CRYPTO
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]6 help
7 Select crypto libraries.
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]8 LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]9 MBEDTLS_LIB for MbedTLS libraries.
10
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]11config LEGACY_HASHING_AND_CRYPTO
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]12 bool "legacy crypto libraries"
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]13 select LEGACY_HASHING
14 select LEGACY_CRYPTO
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]15
16config MBEDTLS_LIB
17 bool "MbedTLS libraries"
18 select MBEDTLS_LIB_X509
19endchoice
20
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]21if LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]22
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]23config LEGACY_HASHING
24 bool "Use U-Boot legacy hashing libraries"
Raymond Maoa571b982024-10-03 14:50:16 -0700[diff] [blame]25 select MD5_LEGACY if MD5
26 select SHA1_LEGACY if SHA1
27 select SHA256_LEGACY if SHA256
28 select SHA512_LEGACY if SHA512
29 select SHA384_LEGACY if SHA384
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]30 help
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]31 Enable U-Boot legacy hashing libraries.
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]32
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]33if LEGACY_HASHING
Raymond Maoa571b982024-10-03 14:50:16 -0700[diff] [blame]34
35config SHA1_LEGACY
36 bool "Enable SHA1 support with legacy crypto library"
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]37 depends on LEGACY_HASHING && SHA1
Raymond Maoa571b982024-10-03 14:50:16 -0700[diff] [blame]38 help
39 This option enables support of hashing using SHA1 algorithm
40 with legacy crypto library.
41
42config SHA256_LEGACY
43 bool "Enable SHA256 support with legacy crypto library"
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]44 depends on LEGACY_HASHING && SHA256
Raymond Maoa571b982024-10-03 14:50:16 -0700[diff] [blame]45 help
46 This option enables support of hashing using SHA256 algorithm
47 with legacy crypto library.
48
49config SHA512_LEGACY
50 bool "Enable SHA512 support with legacy crypto library"
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]51 depends on LEGACY_HASHING && SHA512
Raymond Maoa571b982024-10-03 14:50:16 -0700[diff] [blame]52 default y if TI_SECURE_DEVICE && FIT_SIGNATURE
53 help
54 This option enables support of hashing using SHA512 algorithm
55 with legacy crypto library.
56
57config SHA384_LEGACY
58 bool "Enable SHA384 support with legacy crypto library"
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]59 depends on LEGACY_HASHING && SHA384
Raymond Maoa571b982024-10-03 14:50:16 -0700[diff] [blame]60 select SHA512_LEGACY
61 help
62 This option enables support of hashing using SHA384 algorithm
63 with legacy crypto library.
64
65config MD5_LEGACY
66 bool "Enable MD5 support with legacy crypto library"
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]67 depends on LEGACY_HASHING && MD5
Simon Glassc076bb12025-01-26 11:43:11 -0700[diff] [blame]68 help
69 This option enables support of hashing using MD5 algorithm
70 with legacy crypto library.
71
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]72endif # LEGACY_HASHING
Raymond Maoa571b982024-10-03 14:50:16 -0700[diff] [blame]73
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]74config LEGACY_CRYPTO
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]75 bool "legacy certificate libraries"
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]76 depends on LEGACY_HASHING_AND_CRYPTO
Raymond Mao2faa4bd2024-10-03 14:50:38 -0700[diff] [blame]77 select ASN1_DECODER_LEGACY if ASN1_DECODER
Raymond Mao702817b2024-10-03 14:50:28 -0700[diff] [blame]78 select ASYMMETRIC_PUBLIC_KEY_LEGACY if \
79 ASYMMETRIC_PUBLIC_KEY_SUBTYPE
Raymond Mao42948e82024-10-03 14:50:36 -0700[diff] [blame]80 select RSA_PUBLIC_KEY_PARSER_LEGACY if RSA_PUBLIC_KEY_PARSER
Raymond Mao7deec0f2024-10-03 14:50:30 -0700[diff] [blame]81 select X509_CERTIFICATE_PARSER_LEGACY if X509_CERTIFICATE_PARSER
Raymond Mao7b3dfd02024-10-03 14:50:32 -0700[diff] [blame]82 select PKCS7_MESSAGE_PARSER_LEGACY if PKCS7_MESSAGE_PARSER
Raymond Mao08f80c82024-10-03 14:50:35 -0700[diff] [blame]83 select MSCODE_PARSER_LEGACY if MSCODE_PARSER
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]84 help
85 Enable legacy certificate libraries.
86
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]87if LEGACY_CRYPTO
Raymond Mao702817b2024-10-03 14:50:28 -0700[diff] [blame]88
Raymond Mao2faa4bd2024-10-03 14:50:38 -0700[diff] [blame]89config ASN1_DECODER_LEGACY
90 bool "ASN1 decoder with legacy certificate library"
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]91 depends on LEGACY_CRYPTO && ASN1_DECODER
Raymond Mao2faa4bd2024-10-03 14:50:38 -0700[diff] [blame]92 help
93 This option chooses legacy certificate library for ASN1 decoder.
94
Raymond Mao702817b2024-10-03 14:50:28 -0700[diff] [blame]95config ASYMMETRIC_PUBLIC_KEY_LEGACY
96 bool "Asymmetric public key crypto with legacy certificate library"
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]97 depends on LEGACY_CRYPTO && ASYMMETRIC_PUBLIC_KEY_SUBTYPE
Raymond Mao702817b2024-10-03 14:50:28 -0700[diff] [blame]98 help
99 This option chooses legacy certificate library for asymmetric public
100 key crypto algorithm.
101
Raymond Mao42948e82024-10-03 14:50:36 -0700[diff] [blame]102config RSA_PUBLIC_KEY_PARSER_LEGACY
103 bool "RSA public key parser with legacy certificate library"
104 depends on ASYMMETRIC_PUBLIC_KEY_LEGACY
105 select ASN1_DECODER_LEGACY
106 help
107 This option chooses legacy certificate library for RSA public key
108 parser.
109
Raymond Mao7deec0f2024-10-03 14:50:30 -0700[diff] [blame]110config X509_CERTIFICATE_PARSER_LEGACY
111 bool "X.509 certificate parser with legacy certificate library"
112 depends on ASYMMETRIC_PUBLIC_KEY_LEGACY
113 select ASN1_DECODER_LEGACY
114 help
115 This option chooses legacy certificate library for X509 certificate
116 parser.
117
Raymond Mao7b3dfd02024-10-03 14:50:32 -0700[diff] [blame]118config PKCS7_MESSAGE_PARSER_LEGACY
119 bool "PKCS#7 message parser with legacy certificate library"
120 depends on X509_CERTIFICATE_PARSER_LEGACY
121 select ASN1_DECODER_LEGACY
122 help
123 This option chooses legacy certificate library for PKCS7 message
124 parser.
125
Raymond Mao08f80c82024-10-03 14:50:35 -0700[diff] [blame]126config MSCODE_PARSER_LEGACY
127 bool "MS authenticode parser with legacy certificate library"
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]128 depends on LEGACY_CRYPTO && MSCODE_PARSER
Raymond Mao08f80c82024-10-03 14:50:35 -0700[diff] [blame]129 select ASN1_DECODER_LEGACY
130 help
131 This option chooses legacy certificate library for MS authenticode
132 parser.
133
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]134endif # LEGACY_CRYPTO
135
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]136endif # LEGACY_HASHING_AND_CRYPTO || MBEDTLS_LIB_HASHING_ALT
137
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]138if MBEDTLS_LIB
139
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]140config MBEDTLS_LIB_HASHING_ALT
141 bool "Replace MbedTLS native hashing with U-Boot legacy libraries"
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]142 depends on MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]143 select LEGACY_HASHING
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]144 default y if MBEDTLS_LIB && !MBEDTLS_LIB_CRYPTO
145 help
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]146 Enable MbedTLS hashing alternatives and replace them with legacy hashing
147 libraries.
148 This allows user to use U-Boot legacy hashing algorithms together with
149 other MbedTLS modules.
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]150 Mutually incompatible with MBEDTLS_LIB_CRYPTO.
151
152config MBEDTLS_LIB_CRYPTO
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]153 bool "Use MbedTLS native crypto libraries for hashing"
154 default y if MBEDTLS_LIB
Raymond Maof51f3552024-10-03 14:50:19 -0700[diff] [blame]155 select MD5_MBEDTLS if MD5
156 select SHA1_MBEDTLS if SHA1
157 select SHA256_MBEDTLS if SHA256
158 select SHA512_MBEDTLS if SHA512
159 select SHA384_MBEDTLS if SHA384
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]160 help
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]161 Enable MbedTLS native crypto libraries.
162 Mutually incompatible with MBEDTLS_LIB_HASHING_ALT.
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]163
Raymond Maof51f3552024-10-03 14:50:19 -0700[diff] [blame]164if MBEDTLS_LIB_CRYPTO
165
166config SHA1_MBEDTLS
167 bool "Enable SHA1 support with MbedTLS crypto library"
168 depends on MBEDTLS_LIB_CRYPTO && SHA1
169 help
170 This option enables support of hashing using SHA1 algorithm
171 with MbedTLS crypto library.
172
173config SHA256_MBEDTLS
174 bool "Enable SHA256 support with MbedTLS crypto library"
175 depends on MBEDTLS_LIB_CRYPTO && SHA256
176 help
177 This option enables support of hashing using SHA256 algorithm
178 with MbedTLS crypto library.
179
Raymond Mao001b6132024-10-03 14:50:20 -0700[diff] [blame]180if SHA256_MBEDTLS
181
182config SHA256_SMALLER
183 bool "Enable SHA256 smaller implementation with MbedTLS crypto library"
184 depends on SHA256_MBEDTLS
185 default y if SHA256_MBEDTLS
186 help
187 This option enables support of hashing using SHA256 algorithm
188 smaller implementation with MbedTLS crypto library.
189
190endif
191
Raymond Maof51f3552024-10-03 14:50:19 -0700[diff] [blame]192config SHA512_MBEDTLS
193 bool "Enable SHA512 support with MbedTLS crypto library"
194 depends on MBEDTLS_LIB_CRYPTO && SHA512
195 default y if TI_SECURE_DEVICE && FIT_SIGNATURE
196 help
197 This option enables support of hashing using SHA512 algorithm
198 with MbedTLS crypto library.
199
Raymond Mao001b6132024-10-03 14:50:20 -0700[diff] [blame]200if SHA512_MBEDTLS
201
202config SHA512_SMALLER
203 bool "Enable SHA512 smaller implementation with MbedTLS crypto library"
204 depends on SHA512_MBEDTLS
205 default y if SHA512_MBEDTLS
206 help
207 This option enables support of hashing using SHA512 algorithm
208 smaller implementation with MbedTLS crypto library.
209
210endif
211
Raymond Maof51f3552024-10-03 14:50:19 -0700[diff] [blame]212config SHA384_MBEDTLS
213 bool "Enable SHA384 support with MbedTLS crypto library"
214 depends on MBEDTLS_LIB_CRYPTO && SHA384
215 select SHA512_MBEDTLS
216 help
217 This option enables support of hashing using SHA384 algorithm
218 with MbedTLS crypto library.
219
220config MD5_MBEDTLS
221 bool "Enable MD5 support with MbedTLS crypto library"
222 depends on MBEDTLS_LIB_CRYPTO && MD5
223 help
224 This option enables support of hashing using MD5 algorithm
225 with MbedTLS crypto library.
226
Philippe Reynes1db678a2024-12-19 14:05:48 +0100[diff] [blame]227config HKDF_MBEDTLS
228 bool "Enable HKDF support with MbedTLS crypto library"
229 depends on MBEDTLS_LIB_CRYPTO
230 help
231 This option enables support of key derivation using HKDF algorithm
232 with MbedTLS crypto library.
233
Raymond Maof51f3552024-10-03 14:50:19 -0700[diff] [blame]234endif # MBEDTLS_LIB_CRYPTO
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]235
236config MBEDTLS_LIB_X509
237 bool "MbedTLS certificate libraries"
Raymond Mao2faa4bd2024-10-03 14:50:38 -0700[diff] [blame]238 select ASN1_DECODER_MBEDTLS if ASN1_DECODER
Raymond Mao702817b2024-10-03 14:50:28 -0700[diff] [blame]239 select ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \
240 ASYMMETRIC_PUBLIC_KEY_SUBTYPE
Raymond Mao42948e82024-10-03 14:50:36 -0700[diff] [blame]241 select RSA_PUBLIC_KEY_PARSER_MBEDTLS if RSA_PUBLIC_KEY_PARSER
Raymond Mao7deec0f2024-10-03 14:50:30 -0700[diff] [blame]242 select X509_CERTIFICATE_PARSER_MBEDTLS if X509_CERTIFICATE_PARSER
Raymond Mao7b3dfd02024-10-03 14:50:32 -0700[diff] [blame]243 select PKCS7_MESSAGE_PARSER_MBEDTLS if PKCS7_MESSAGE_PARSER
Raymond Maocd17ac22024-10-03 14:50:34 -0700[diff] [blame]244 select MSCODE_PARSER_MBEDTLS if MSCODE_PARSER
Raymond Mao87010c32024-10-03 14:50:15 -0700[diff] [blame]245 help
246 Enable MbedTLS certificate libraries.
247
Raymond Mao702817b2024-10-03 14:50:28 -0700[diff] [blame]248if MBEDTLS_LIB_X509
249
Raymond Mao2faa4bd2024-10-03 14:50:38 -0700[diff] [blame]250config ASN1_DECODER_MBEDTLS
251 bool "ASN1 decoder with MbedTLS certificate library"
252 depends on MBEDTLS_LIB_X509 && ASN1_DECODER
253 help
254 This option chooses MbedTLS certificate library for ASN1 decoder.
255
Raymond Mao702817b2024-10-03 14:50:28 -0700[diff] [blame]256config ASYMMETRIC_PUBLIC_KEY_MBEDTLS
257 bool "Asymmetric public key crypto with MbedTLS certificate library"
258 depends on MBEDTLS_LIB_X509 && ASYMMETRIC_PUBLIC_KEY_SUBTYPE
259 help
260 This option chooses MbedTLS certificate library for asymmetric public
261 key crypto algorithm.
262
Raymond Mao42948e82024-10-03 14:50:36 -0700[diff] [blame]263config RSA_PUBLIC_KEY_PARSER_MBEDTLS
264 bool "RSA public key parser with MbedTLS certificate library"
265 depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
266 select ASN1_DECODER_MBEDTLS
267 help
268 This option chooses MbedTLS certificate library for RSA public key
269 parser.
270
Raymond Mao7deec0f2024-10-03 14:50:30 -0700[diff] [blame]271config X509_CERTIFICATE_PARSER_MBEDTLS
272 bool "X.509 certificate parser with MbedTLS certificate library"
273 depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
274 select ASN1_DECODER_MBEDTLS
275 help
276 This option chooses MbedTLS certificate library for X509 certificate
277 parser.
278
Raymond Mao7b3dfd02024-10-03 14:50:32 -0700[diff] [blame]279config PKCS7_MESSAGE_PARSER_MBEDTLS
280 bool "PKCS#7 message parser with MbedTLS certificate library"
281 depends on X509_CERTIFICATE_PARSER_MBEDTLS
282 select ASN1_DECODER_MBEDTLS
283 help
284 This option chooses MbedTLS certificate library for PKCS7 message
285 parser.
286
Raymond Maocd17ac22024-10-03 14:50:34 -0700[diff] [blame]287config MSCODE_PARSER_MBEDTLS
288 bool "MS authenticode parser with MbedTLS certificate library"
289 depends on MBEDTLS_LIB_X509 && MSCODE_PARSER
290 select ASN1_DECODER_MBEDTLS
291 help
292 This option chooses MbedTLS certificate library for MS authenticode
293 parser.
294
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]295endif # MBEDTLS_LIB_X509
296
297config MBEDTLS_LIB_TLS
298 bool "MbedTLS TLS library"
299 depends on RSA_PUBLIC_KEY_PARSER_MBEDTLS
300 depends on X509_CERTIFICATE_PARSER_MBEDTLS
301 depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS
302 depends on ASN1_DECODER_MBEDTLS
303 depends on MBEDTLS_LIB
304 help
305 Enable MbedTLS TLS library. Required for HTTPs support
306 in wget
307
308endif # MBEDTLS_LIB
309
310# For SPL
311
Raymond Mao702817b2024-10-03 14:50:28 -0700[diff] [blame]312if SPL
313
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]314choice
315 prompt "Crypto libraries (SPL)"
316 default SPL_LEGACY_HASHING_AND_CRYPTO
317 help
318 Select crypto libraries in SPL.
319 SPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
320 SPL_MBEDTLS_LIB for MbedTLS libraries.
321
322config SPL_LEGACY_HASHING_AND_CRYPTO
323 bool "legacy crypto libraries"
324 select SPL_LEGACY_HASHING
325 select SPL_LEGACY_CRYPTO
326
327config SPL_MBEDTLS_LIB
328 bool "MbedTLS libraries"
329 select SPL_MBEDTLS_LIB_X509
330endchoice
331
332if SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT
333
334config SPL_LEGACY_HASHING
335 bool "Use U-Boot legacy hashing libraries (SPL)"
336 select SPL_MD5_LEGACY if SPL_MD5
337 select SPL_SHA1_LEGACY if SPL_SHA1
338 select SPL_SHA256_LEGACY if SPL_SHA256
339 select SPL_SHA512_LEGACY if SPL_SHA512
340 select SPL_SHA384_LEGACY if SPL_SHA384
341 help
342 Enable U-Boot legacy hashing libraries in SPL.
343
344if SPL_LEGACY_HASHING
345
346config SPL_SHA1_LEGACY
347 bool "Enable SHA1 support with legacy crypto library (SPL)"
348 depends on SPL_LEGACY_HASHING && SPL_SHA1
349 help
350 This option enables support of hashing using SHA1 algorithm
351 with legacy crypto library in SPL.
352
353config SPL_SHA256_LEGACY
354 bool "Enable SHA256 support with legacy crypto library (SPL)"
355 depends on SPL_LEGACY_HASHING && SPL_SHA256
356 help
357 This option enables support of hashing using SHA256 algorithm
358 with legacy crypto library in SPL.
359
360config SPL_SHA512_LEGACY
361 bool "Enable SHA512 support with legacy crypto library (SPL)"
362 depends on SPL_LEGACY_HASHING && SPL_SHA512
363 help
364 This option enables support of hashing using SHA512 algorithm
365 with legacy crypto library in SPL.
366
367config SPL_SHA384_LEGACY
368 bool "Enable SHA384 support with legacy crypto library (SPL)"
369 depends on SPL_LEGACY_HASHING && SPL_SHA384
370 select SPL_SHA512_LEGACY
371 help
372 This option enables support of hashing using SHA384 algorithm
373 with legacy crypto library in SPL.
374
375config SPL_MD5_LEGACY
376 bool "Enable MD5 support with legacy crypto library (SPL)"
377 depends on SPL_LEGACY_HASHING && SPL_MD5
378 help
379 This option enables support of hashing using MD5 algorithm
380 with legacy crypto library in SPL.
381
382endif # SPL_LEGACY_HASHING
383
384config SPL_LEGACY_CRYPTO
385 bool "legacy certificate libraries (SPL)"
386 depends on SPL_LEGACY_HASHING_AND_CRYPTO
387 select SPL_ASN1_DECODER_LEGACY if SPL_ASN1_DECODER
388 select SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY if \
389 SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
390 select SPL_RSA_PUBLIC_KEY_PARSER_LEGACY if SPL_RSA_PUBLIC_KEY_PARSER
391 help
392 Enable legacy certificate libraries in SPL.
393
394if SPL_LEGACY_CRYPTO
395
396config SPL_ASN1_DECODER_LEGACY
397 bool "ASN1 decoder with legacy certificate library (SPL)"
398 depends on SPL_LEGACY_CRYPTO && SPL_ASN1_DECODER
399 help
400 This option chooses legacy certificate library for ASN1 decoder in
401 SPL.
402
403config SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
404 bool "Asymmetric public key crypto with legacy certificate library (SPL)"
405 depends on SPL_LEGACY_CRYPTO && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
406 help
407 This option chooses legacy certificate library for asymmetric public
408 key crypto algorithm in SPL.
409
410config SPL_RSA_PUBLIC_KEY_PARSER_LEGACY
411 bool "RSA public key parser with legacy certificate library (SPL)"
412 depends on SPL_ASYMMETRIC_PUBLIC_KEY_LEGACY
413 select SPL_ASN1_DECODER_LEGACY
414 help
415 This option chooses legacy certificate library for RSA public key
416 parser in SPL.
417
418endif # SPL_LEGACY_CRYPTO
419
420endif # SPL_LEGACY_HASHING_AND_CRYPTO || SPL_MBEDTLS_LIB_HASHING_ALT
421
422if SPL_MBEDTLS_LIB
423
424config SPL_MBEDTLS_LIB_HASHING_ALT
425 bool "Replace MbedTLS native hashing with U-Boot legacy libraries (SPL)"
426 depends on SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO
427 select SPL_LEGACY_HASHING
428 default y if SPL_MBEDTLS_LIB && !SPL_MBEDTLS_LIB_CRYPTO
429 help
430 Enable MbedTLS hashing alternatives and replace them with legacy hashing
431 libraries in SPL.
432 This allows user to use U-Boot legacy hashing algorithms together with
433 other MbedTLS modules.
434 Mutually incompatible with SPL_MBEDTLS_LIB_CRYPTO.
435
436config SPL_MBEDTLS_LIB_CRYPTO
437 bool "Use MbedTLS native crypto libraries for hashing (SPL)"
438 default y if SPL_MBEDTLS_LIB
439 select SPL_MD5_MBEDTLS if SPL_MD5
440 select SPL_SHA1_MBEDTLS if SPL_SHA1
441 select SPL_SHA256_MBEDTLS if SPL_SHA256
442 select SPL_SHA512_MBEDTLS if SPL_SHA512
443 select SPL_SHA384_MBEDTLS if SPL_SHA384
444 help
445 Enable MbedTLS native crypto libraries in SPL.
446
447if SPL_MBEDTLS_LIB_CRYPTO
448
449config SPL_SHA1_MBEDTLS
450 bool "Enable SHA1 support with MbedTLS crypto library (SPL)"
451 depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA1
452 help
453 This option enables support of hashing using SHA1 algorithm
454 with MbedTLS crypto library in SPL.
455
456config SPL_SHA256_MBEDTLS
457 bool "Enable SHA256 support with MbedTLS crypto library (SPL)"
458 depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA256
459 help
460 This option enables support of hashing using SHA256 algorithm
461 with MbedTLS crypto library in SPL.
462
463config SPL_SHA512_MBEDTLS
464 bool "Enable SHA512 support with MbedTLS crypto library (SPL)"
465 depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA512
466 help
467 This option enables support of hashing using SHA512 algorithm
468 with MbedTLS crypto library in SPL.
469
470config SPL_SHA384_MBEDTLS
471 bool "Enable SHA384 support with MbedTLS crypto library (SPL)"
472 depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_SHA384
473 select SPL_SHA512
474 help
475 This option enables support of hashing using SHA384 algorithm
476 with MbedTLS crypto library in SPL.
477
478config SPL_MD5_MBEDTLS
479 bool "Enable MD5 support with MbedTLS crypto library (SPL)"
480 depends on SPL_MBEDTLS_LIB_CRYPTO && SPL_MD5
481 help
482 This option enables support of hashing using MD5 algorithm
483 with MbedTLS crypto library in SPL.
484
485config SPL_HKDF_MBEDTLS
486 bool "Enable HKDF support with MbedTLS crypto library (SPL)"
487 depends on SPL_MBEDTLS_LIB_CRYPTO
488 help
489 This option enables support of key derivation using HKDF algorithm
490 with MbedTLS crypto library in SPL.
491
492endif # SPL_MBEDTLS_LIB_CRYPTO
493
494config SPL_MBEDTLS_LIB_X509
495 bool "MbedTLS certificate libraries (SPL)"
496 select SPL_ASN1_DECODER_MBEDTLS if SPL_ASN1_DECODER
497 select SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS if \
498 SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
499 select SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS if SPL_RSA_PUBLIC_KEY_PARSER
500 help
501 Enable MbedTLS certificate libraries in SPL.
502
503if SPL_MBEDTLS_LIB_X509
504
Raymond Mao2faa4bd2024-10-03 14:50:38 -0700[diff] [blame]505config SPL_ASN1_DECODER_MBEDTLS
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]506 bool "ASN1 decoder with MbedTLS certificate library (SPL)"
507 depends on SPL_MBEDTLS_LIB_X509 && SPL_ASN1_DECODER
Raymond Mao2faa4bd2024-10-03 14:50:38 -0700[diff] [blame]508 help
509 This option chooses MbedTLS certificate library for ASN1 decoder in
510 SPL.
511
Raymond Mao702817b2024-10-03 14:50:28 -0700[diff] [blame]512config SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]513 bool "Asymmetric public key crypto with MbedTLS certificate library (SPL)"
514 depends on SPL_MBEDTLS_LIB_X509 && SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
Raymond Mao702817b2024-10-03 14:50:28 -0700[diff] [blame]515 help
516 This option chooses MbedTLS certificate library for asymmetric public
517 key crypto algorithm in SPL.
518
Raymond Mao42948e82024-10-03 14:50:36 -0700[diff] [blame]519config SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]520 bool "RSA public key parser with MbedTLS certificate library (SPL)"
Raymond Mao42948e82024-10-03 14:50:36 -0700[diff] [blame]521 depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
522 select SPL_ASN1_DECODER_MBEDTLS
523 help
524 This option chooses MbedTLS certificate library for RSA public key
525 parser in SPL.
526
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]527endif # SPL_MBEDTLS_LIB_X509
528
529config SPL_MBEDTLS_LIB_TLS
530 bool "MbedTLS TLS library (SPL)"
531 depends on SPL_RSA_PUBLIC_KEY_PARSER_MBEDTLS
532 depends on SPL_X509_CERTIFICATE_PARSER_MBEDTLS
533 depends on SPL_ASYMMETRIC_PUBLIC_KEY_MBEDTLS
534 depends on SPL_ASN1_DECODER_MBEDTLS
535 depends on SPL_MBEDTLS_LIB
536 help
537 Enable MbedTLS TLS library in SPL. Required for HTTPs support
538 in wget
539
540endif # SPL_MBEDTLS_LIB
541
Raymond Mao702817b2024-10-03 14:50:28 -0700[diff] [blame]542endif # SPL
543
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]544# For TPL
Raymond Mao702817b2024-10-03 14:50:28 -0700[diff] [blame]545
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]546if TPL
547
548choice
549 prompt "Crypto libraries (TPL)"
550 default TPL_LEGACY_HASHING_AND_CRYPTO
Ilias Apalodimas9f75dc12024-11-10 10:28:37 +0200[diff] [blame]551 help
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]552 Select crypto libraries in TPL.
553 TPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
554 TPL_MBEDTLS_LIB for MbedTLS libraries.
Ilias Apalodimas9f75dc12024-11-10 10:28:37 +0200[diff] [blame]555
Raymond Mao9f4ca0d2025-02-03 14:08:14 -0800[diff] [blame]556config TPL_LEGACY_HASHING_AND_CRYPTO
557 bool "legacy crypto libraries"
558 select TPL_LEGACY_HASHING
559 select TPL_LEGACY_CRYPTO
560
561config TPL_MBEDTLS_LIB
562 bool "MbedTLS libraries"
563
564endchoice
565
566if TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT
567
568config TPL_LEGACY_HASHING
569 bool "Use U-Boot legacy hashing libraries (TPL)"
570 select TPL_MD5_LEGACY if TPL_MD5
571 select TPL_SHA1_LEGACY if TPL_SHA1
572 select TPL_SHA256_LEGACY if TPL_SHA256
573 select TPL_SHA512_LEGACY if TPL_SHA512
574 select TPL_SHA384_LEGACY if TPL_SHA384
575 help
576 Enable U-Boot legacy hashing libraries in TPL.
577
578if TPL_LEGACY_HASHING
579
580config TPL_SHA1_LEGACY
581 bool "Enable SHA1 support with legacy crypto library (TPL)"
582 depends on TPL_LEGACY_HASHING && TPL_SHA1
583 help
584 This option enables support of hashing using SHA1 algorithm
585 with legacy crypto library in TPL.
586
587config TPL_SHA256_LEGACY
588 bool "Enable SHA256 support with legacy crypto library (TPL)"
589 depends on TPL_LEGACY_HASHING && TPL_SHA256
590 help
591 This option enables support of hashing using SHA256 algorithm
592 with legacy crypto library in TPL.
593
594config TPL_SHA512_LEGACY
595 bool "Enable SHA512 support with legacy crypto library (TPL)"
596 depends on TPL_LEGACY_HASHING && TPL_SHA512
597 help
598 This option enables support of hashing using SHA512 algorithm
599 with legacy crypto library in TPL.
600
601config TPL_SHA384_LEGACY
602 bool "Enable SHA384 support with legacy crypto library (TPL)"
603 depends on TPL_LEGACY_HASHING && TPL_SHA384
604 select TPL_SHA512_LEGACY
605 help
606 This option enables support of hashing using SHA384 algorithm
607 with legacy crypto library in TPL.
608
609config TPL_MD5_LEGACY
610 bool "Enable MD5 support with legacy crypto library (TPL)"
611 depends on TPL_LEGACY_HASHING && TPL_MD5
612 help
613 This option enables support of hashing using MD5 algorithm
614 with legacy crypto library in TPL.
615
616endif # TPL_LEGACY_HASHING
617
618endif # TPL_LEGACY_HASHING_AND_CRYPTO || TPL_MBEDTLS_LIB_HASHING_ALT
619
620if TPL_MBEDTLS_LIB
621
622config TPL_MBEDTLS_LIB_HASHING_ALT
623 bool "Replace MbedTLS native hashing with U-Boot legacy libraries (TPL)"
624 depends on TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO
625 select TPL_LEGACY_HASHING
626 default y if TPL_MBEDTLS_LIB && !TPL_MBEDTLS_LIB_CRYPTO
627 help
628 Enable MbedTLS hashing alternatives and replace them with legacy hashing
629 libraries in TPL.
630 This allows user to use U-Boot legacy hashing algorithms together with
631 other MbedTLS modules.
632 Mutually incompatible with TPL_MBEDTLS_LIB_CRYPTO.
633
634config TPL_MBEDTLS_LIB_CRYPTO
635 bool "Use MbedTLS native crypto libraries for hashing (TPL)"
636 default y if TPL_MBEDTLS_LIB
637 select TPL_MD5_MBEDTLS if TPL_MD5
638 select TPL_SHA1_MBEDTLS if TPL_SHA1
639 select TPL_SHA256_MBEDTLS if TPL_SHA256
640 select TPL_SHA512_MBEDTLS if TPL_SHA512
641 select TPL_SHA384_MBEDTLS if TPL_SHA384
642 help
643 Enable MbedTLS native crypto libraries in TPL.
644
645if TPL_MBEDTLS_LIB_CRYPTO
646
647config TPL_SHA1_MBEDTLS
648 bool "Enable SHA1 support with MbedTLS crypto library (TPL)"
649 depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA1
650 help
651 This option enables support of hashing using SHA1 algorithm
652 with MbedTLS crypto library in TPL.
653
654config TPL_SHA256_MBEDTLS
655 bool "Enable SHA256 support with MbedTLS crypto library (TPL)"
656 depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA256
657 help
658 This option enables support of hashing using SHA256 algorithm
659 with MbedTLS crypto library in TPL.
660
661config TPL_SHA512_MBEDTLS
662 bool "Enable SHA512 support with MbedTLS crypto library (TPL)"
663 depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA512
664 help
665 This option enables support of hashing using SHA512 algorithm
666 with MbedTLS crypto library in TPL.
667
668config TPL_SHA384_MBEDTLS
669 bool "Enable SHA384 support with MbedTLS crypto library (TPL)"
670 depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_SHA384
671 select TPL_SHA512
672 help
673 This option enables support of hashing using SHA384 algorithm
674 with MbedTLS crypto library in TPL.
675
676config TPL_MD5_MBEDTLS
677 bool "Enable MD5 support with MbedTLS crypto library (TPL)"
678 depends on TPL_MBEDTLS_LIB_CRYPTO && TPL_MD5
679 help
680 This option enables support of hashing using MD5 algorithm
681 with MbedTLS crypto library in TPL.
682
683config TPL_HKDF_MBEDTLS
684 bool "Enable HKDF support with MbedTLS crypto library (TPL)"
685 depends on TPL_MBEDTLS_LIB_CRYPTO
686 help
687 This option enables support of key derivation using HKDF algorithm
688 with MbedTLS crypto library in TPL.
689
690endif # TPL_MBEDTLS_LIB_CRYPTO
691
692endif # TPL_MBEDTLS_LIB
693
694endif # TPL
695
696# For VPL
697
698if VPL
699
700choice
701 prompt "Crypto libraries (VPL)"
702 default VPL_LEGACY_HASHING_AND_CRYPTO
703 help
704 Select crypto libraries in VPL.
705 VPL_LEGACY_HASHING_AND_CRYPTO for legacy crypto libraries,
706 VPL_MBEDTLS_LIB for MbedTLS libraries.
707
708config VPL_LEGACY_HASHING_AND_CRYPTO
709 bool "legacy crypto libraries"
710 select VPL_LEGACY_HASHING
711
712config VPL_MBEDTLS_LIB
713 bool "MbedTLS libraries"
714
715endchoice
716
717if VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT
718
719config VPL_LEGACY_HASHING
720 bool "Use U-Boot legacy hashing libraries (VPL)"
721 select VPL_MD5_LEGACY if VPL_MD5
722 select VPL_SHA1_LEGACY if VPL_SHA1
723 select VPL_SHA256_LEGACY if VPL_SHA256
724 select VPL_SHA512_LEGACY if VPL_SHA512
725 select VPL_SHA384_LEGACY if VPL_SHA384
726 help
727 Enable U-Boot legacy hashing libraries in VPL.
728
729if VPL_LEGACY_HASHING
730
731config VPL_SHA1_LEGACY
732 bool "Enable SHA1 support with legacy crypto library (VPL)"
733 depends on VPL_LEGACY_HASHING && VPL_SHA1
734 help
735 This option enables support of hashing using SHA1 algorithm
736 with legacy crypto library in VPL.
737
738config VPL_SHA256_LEGACY
739 bool "Enable SHA256 support with legacy crypto library (VPL)"
740 depends on VPL_LEGACY_HASHING && VPL_SHA256
741 help
742 This option enables support of hashing using SHA256 algorithm
743 with legacy crypto library in VPL.
744
745config VPL_SHA512_LEGACY
746 bool "Enable SHA512 support with legacy crypto library (VPL)"
747 depends on VPL_LEGACY_HASHING && VPL_SHA512
748 help
749 This option enables support of hashing using SHA512 algorithm
750 with legacy crypto library in VPL.
751
752config VPL_SHA384_LEGACY
753 bool "Enable SHA384 support with legacy crypto library (VPL)"
754 depends on VPL_LEGACY_HASHING && VPL_SHA384
755 select VPL_SHA512_LEGACY
756 help
757 This option enables support of hashing using SHA384 algorithm
758 with legacy crypto library in VPL.
759
760config VPL_MD5_LEGACY
761 bool "Enable MD5 support with legacy crypto library (VPL)"
762 depends on VPL_LEGACY_HASHING && VPL_MD5
763 help
764 This option enables support of hashing using MD5 algorithm
765 with legacy crypto library in VPL.
766
767endif # VPL_LEGACY_HASHING
768
769endif # VPL_LEGACY_HASHING_AND_CRYPTO || VPL_MBEDTLS_LIB_HASHING_ALT
770
771if VPL_MBEDTLS_LIB
772
773config VPL_MBEDTLS_LIB_HASHING_ALT
774 bool "Replace MbedTLS native hashing with U-Boot legacy libraries (VPL)"
775 depends on VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO
776 select VPL_LEGACY_HASHING
777 default y if VPL_MBEDTLS_LIB && !VPL_MBEDTLS_LIB_CRYPTO
778 help
779 Enable MbedTLS hashing alternatives and replace them with legacy hashing
780 libraries in VPL.
781 This allows user to use U-Boot legacy hashing algorithms together with
782 other MbedTLS modules.
783 Mutually incompatible with VPL_MBEDTLS_LIB_CRYPTO.
784
785config VPL_MBEDTLS_LIB_CRYPTO
786 bool "Use MbedTLS native crypto libraries for hashing (VPL)"
787 default y if VPL_MBEDTLS_LIB
788 select VPL_MD5_MBEDTLS if VPL_MD5
789 select VPL_SHA1_MBEDTLS if VPL_SHA1
790 select VPL_SHA256_MBEDTLS if VPL_SHA256
791 select VPL_SHA512_MBEDTLS if VPL_SHA512
792 select VPL_SHA384_MBEDTLS if VPL_SHA384
793 help
794 Enable MbedTLS native crypto libraries in VPL.
795
796if VPL_MBEDTLS_LIB_CRYPTO
797
798config VPL_SHA1_MBEDTLS
799 bool "Enable SHA1 support with MbedTLS crypto library (VPL)"
800 depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA1
801 help
802 This option enables support of hashing using SHA1 algorithm
803 with MbedTLS crypto library in VPL.
804
805config VPL_SHA256_MBEDTLS
806 bool "Enable SHA256 support with MbedTLS crypto library (VPL)"
807 depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA256
808 help
809 This option enables support of hashing using SHA256 algorithm
810 with MbedTLS crypto library in VPL.
811
812config VPL_SHA512_MBEDTLS
813 bool "Enable SHA512 support with MbedTLS crypto library (VPL)"
814 depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA512
815 help
816 This option enables support of hashing using SHA512 algorithm
817 with MbedTLS crypto library in VPL.
818
819config VPL_SHA384_MBEDTLS
820 bool "Enable SHA384 support with MbedTLS crypto library (VPL)"
821 depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_SHA384
822 select VPL_SHA512
823 help
824 This option enables support of hashing using SHA384 algorithm
825 with MbedTLS crypto library in VPL.
826
827config VPL_MD5_MBEDTLS
828 bool "Enable MD5 support with MbedTLS crypto library (VPL)"
829 depends on VPL_MBEDTLS_LIB_CRYPTO && VPL_MD5
830 help
831 This option enables support of hashing using MD5 algorithm
832 with MbedTLS crypto library in VPL.
833
834config VPL_HKDF_MBEDTLS
835 bool "Enable HKDF support with MbedTLS crypto library (VPL)"
836 depends on VPL_MBEDTLS_LIB_CRYPTO
837 help
838 This option enables support of key derivation using HKDF algorithm
839 with MbedTLS crypto library in VPL.
840
841endif # VPL_MBEDTLS_LIB_CRYPTO
842
843endif # VPL_MBEDTLS_LIB
844
845endif # VPL