From b983cc2da0bafd73a4dfc069eb3c3a98677e2d92 Mon Sep 17 00:00:00 2001 From: AKASHI Takahiro Date: Fri, 21 Feb 2020 15:12:55 +0900 Subject: lib: rsa: decouple rsa from FIT image verification Introduce new configuration, CONFIG_RSA_VERIFY which will decouple building RSA functions from FIT verification and allow for adding a RSA-based signature verification for other file formats, in particular PE file for UEFI secure boot. Signed-off-by: AKASHI Takahiro Reviewed-by: Simon Glass --- common/image-fit.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'common/image-fit.c') diff --git a/common/image-fit.c b/common/image-fit.c index f3bb00c98a..9357e66e1f 100644 --- a/common/image-fit.c +++ b/common/image-fit.c @@ -1269,7 +1269,7 @@ int fit_image_verify_with_data(const void *fit, int image_noffset, int ret; /* Verify all required signatures */ - if (IMAGE_ENABLE_VERIFY && + if (FIT_IMAGE_ENABLE_VERIFY && fit_image_verify_required_sigs(fit, image_noffset, data, size, gd_fdt_blob(), &verify_all)) { err_msg = "Unable to verify required signature"; @@ -1291,7 +1291,7 @@ int fit_image_verify_with_data(const void *fit, int image_noffset, &err_msg)) goto error; puts("+ "); - } else if (IMAGE_ENABLE_VERIFY && verify_all && + } else if (FIT_IMAGE_ENABLE_VERIFY && verify_all && !strncmp(name, FIT_SIG_NODENAME, strlen(FIT_SIG_NODENAME))) { ret = fit_image_check_sig(fit, noffset, data, @@ -1949,7 +1949,7 @@ int fit_image_load(bootm_headers_t *images, ulong addr, if (image_type == IH_TYPE_KERNEL) images->fit_uname_cfg = fit_base_uname_config; - if (IMAGE_ENABLE_VERIFY && images->verify) { + if (FIT_IMAGE_ENABLE_VERIFY && images->verify) { puts(" Verifying Hash Integrity ... "); if (fit_config_verify(fit, cfg_noffset)) { puts("Bad Data Hash\n"); -- cgit v1.2.1