lib: rsa: allow rsa verify with pkey in SPL

This commit adds the option SPL_RSA_VERIFY_WITH_PKEY.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>

diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index be9775bccebd005acc25cc13b4b05f42d35a066c..b773f17c261e2938728fd0967ee97f3b9b5ebdfb 100644 (file)
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -47,6 +47,25 @@ config RSA_VERIFY_WITH_PKEY
          directly specified in image_sign_info, where all the necessary
          key properties will be calculated on the fly in verification code.
 
+config SPL_RSA_VERIFY_WITH_PKEY
+       bool "Execute RSA verification without key parameters from FDT within SPL"
+       depends on SPL
+       select SPL_RSA_VERIFY
+       select SPL_ASYMMETRIC_KEY_TYPE
+       select SPL_ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+       select SPL_RSA_PUBLIC_KEY_PARSER
+       help
+         The standard RSA-signature verification code (FIT_SIGNATURE) uses
+         pre-calculated key properties, that are stored in fdt blob, in
+         decrypting a signature.
+         This does not suit the use case where there is no way defined to
+         provide such additional key properties in standardized form,
+         particularly UEFI secure boot.
+         This options enables RSA signature verification with a public key
+         directly specified in image_sign_info, where all the necessary
+         key properties will be calculated on the fly in verification code
+         in the SPL.
+
 config RSA_SOFTWARE_EXP
        bool "Enable driver for RSA Modular Exponentiation in software"
        depends on DM