u-boot.git/lib/rsa/Kconfig, branch master Unnamed repository; edit this file 'description' to name the repository. treewide: fix uImage.FIT document paths 2026-03-27T09:50:29+00:00 Daniel Golle daniel@makrotopia.org 2026-02-27T00:03:29+00:00 72cc446490e74fdf392f5e049cf8fd28d9c6818d Commit 488445cefa1 ("doc: Move FIT into its own directory") moved the documentation in doc/uImage.FIT to doc/usage/fit, subsequently all documents and example sources have been converted to reStructuredText. Fix (almost) all of the remaining occurrences of the old path and filenames across the tree. The exception is doc/uImage.FIT/command_syntax_extensions.txt which apparently has been removed entirely, or at least I was unable to locate where that document is now. Signed-off-by: Daniel Golle <daniel@makrotopia.org> 
Commit 488445cefa1 ("doc: Move FIT into its own directory") moved the
documentation in doc/uImage.FIT to doc/usage/fit, subsequently all
documents and example sources have been converted to reStructuredText.

Fix (almost) all of the remaining occurrences of the old path and
filenames across the tree.

The exception is doc/uImage.FIT/command_syntax_extensions.txt which
apparently has been removed entirely, or at least I was unable to
locate where that document is now.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Merge patch series "rsa: fix dependency, rename and relocate RSASSA PSS symbols" 2025-11-11T20:53:33+00:00 Tom Rini trini@konsulko.com 2025-11-11T20:53:33+00:00 62e89de7698a637c673b08ec129941d8079a5405 Quentin Schulz <foss+uboot@0leil.net> says: While historically signature verification is mostly done for FIT such FIT_SIGNATURE dependency for signature algorithm makes sense, it isn't the only kind of file we can verify signatures of. It can also be done manually with rsa_verify_hash() with an embedded public key. Considering the impacted code is guarded by RSA_VERIFY, let's make the symbol depend on that otherwise selecting it without RSA_VERIFY won't do anything. The FIT_SIGNATURE dependency wasn't also enough before as it only implied RSA_VERIFY. Then, simply relocate the RSA SSA PSS padding with the other RSA symbols in lib/rsa instead of in boot/ and rename it to remove the mention to FIT. Finally, add the PSS padding wherever PKCS1.5 padding is specified as one or the other can be used. Link: https://lore.kernel.org/r/20251031-rsa-pss-always-v2-0-a29184ea064d@cherry.de 
Quentin Schulz <foss+uboot@0leil.net> says:

While historically signature verification is mostly done for FIT such
FIT_SIGNATURE dependency for signature algorithm makes sense, it isn't
the only kind of file we can verify signatures of. It can also be done
manually with rsa_verify_hash() with an embedded public key.

Considering the impacted code is guarded by RSA_VERIFY, let's make the
symbol depend on that otherwise selecting it without RSA_VERIFY won't do
anything. The FIT_SIGNATURE dependency wasn't also enough before as it
only implied RSA_VERIFY.

Then, simply relocate the RSA SSA PSS padding with the other RSA symbols
in lib/rsa instead of in boot/ and rename it to remove the mention to
FIT.

Finally, add the PSS padding wherever PKCS1.5 padding is specified as
one or the other can be used.

Link: https://lore.kernel.org/r/20251031-rsa-pss-always-v2-0-a29184ea064d@cherry.de
rsa: rename FIT_RSASSA_PSS to RSASSA_PSS and move symbols under lib/rsa 2025-11-11T20:53:25+00:00 Quentin Schulz quentin.schulz@cherry.de 2025-10-31T17:08:23+00:00 360dd89b361dde2a0bbad65763538e1eea7d3c94 This renames FIT_RSASSA_PSS symbols to drop the FIT_ prefix to avoid potential confusion since there's nothing FIT specific to those symbols. It also isn't really related to booting, so boot/Kconfig is an odd place for them to live. Since they make sense only in relation with RSA, simply move them to lib/rsa where it makes more sense for them to reside. Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> 
This renames FIT_RSASSA_PSS symbols to drop the FIT_ prefix to avoid
potential confusion since there's nothing FIT specific to those symbols.

It also isn't really related to booting, so boot/Kconfig is an odd place
for them to live. Since they make sense only in relation with RSA,
simply move them to lib/rsa where it makes more sense for them to
reside.

Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
rsa: fix typo in $(PHASE_)RSA_VERIFY_WITH_PKEY help text 2025-11-06T23:32:33+00:00 Quentin Schulz quentin.schulz@cherry.de 2025-10-29T11:20:27+00:00 64ba0aa9f48cd3c2bba92c1f15a9da4c21000d2e Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de> 
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
spl: Ensure all SPL symbols in Kconfig have some SPL dependency 2022-07-07T13:29:08+00:00 Tom Rini trini@konsulko.com 2022-06-11T03:03:09+00:00 b340199f828e7d57945785b698ff97469972d1ca Tighten up symbol dependencies in a number of places. Ensure that a SPL specific option has at least a direct dependency on SPL. In places where it's clear that we depend on something more specific, use that dependency instead. This means in a very small number of places we can drop redundant dependencies. Reported-by: Pali Rohár <pali@kernel.org> Signed-off-by: Tom Rini <trini@konsulko.com> 
Tighten up symbol dependencies in a number of places.  Ensure that a SPL
specific option has at least a direct dependency on SPL.  In places
where it's clear that we depend on something more specific, use that
dependency instead.  This means in a very small number of places we can
drop redundant dependencies.

Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
lib: rsa: allow rsa verify with pkey in SPL 2022-03-31T18:12:01+00:00 Philippe Reynes philippe.reynes@softathome.com 2022-03-28T20:56:58+00:00 f6bacf1d489090c8fca1d442cedd8902d8f5acec This commit adds the option SPL_RSA_VERIFY_WITH_PKEY. Reviewed-by: Simon Glass <sjg@chromium.org> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> 
This commit adds the option SPL_RSA_VERIFY_WITH_PKEY.

Reviewed-by: Simon Glass <sjg@chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
crypto: aspeed: Add AST2600 ACRY support 2021-11-17T22:05:00+00:00 Chia-Wei Wang chiawei_wang@aspeedtech.com 2021-10-27T06:17:30+00:00 89c36cca0b697d80a6ed063b945d66cc59a761a8 ACRY is designed to accelerate ECC/RSA digital signature generation and verification. Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com> 
ACRY is designed to accelerate ECC/RSA digital signature
generation and verification.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Kconfig: Don't use RSA_FREESCALE_EXP on MX7ULP 2021-10-07T14:53:50+00:00 Ricardo Salveti ricardo@foundries.io 2021-08-28T07:41:22+00:00 7ce83854f2af53dfdd2ca2cdaab98933c6eaf56b The CAAM on IMX7ULP doesn't support public key hardware acceleration (PKHA), as in other NXP parts. Disable RSA_FREESCALE_EXP for IMX7ULP too. Fixed: f4e9ff7135 ("Kconfig: Don't use RSA_FREESCALE_EXP on IMX") Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> 
The CAAM on IMX7ULP doesn't support public key hardware acceleration
(PKHA), as in other NXP parts. Disable RSA_FREESCALE_EXP for IMX7ULP
too.

Fixed: f4e9ff7135 ("Kconfig: Don't use RSA_FREESCALE_EXP on IMX")
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
lib: rsa: fix dependency for SPL_RSA_VERIFY 2021-10-06T13:15:14+00:00 Oleksandr Suvorov oleksandr.suvorov@foundries.io 2021-09-16T12:03:36+00:00 d4f05b3198b68bc6e2c42b8d7e53d36a2fc9d52c SPL_RSA_VERIFY requires SPL_RSA to be enabled. Add correct dependency. Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io> 
SPL_RSA_VERIFY requires SPL_RSA to be enabled. Add correct
dependency.

Signed-off-by: Oleksandr Suvorov <oleksandr.suvorov@foundries.io>
lib: rsa: generate additional parameters for public key 2020-03-12T12:20:39+00:00 AKASHI Takahiro takahiro.akashi@linaro.org 2020-02-21T06:12:58+00:00 e0d310b098b1e3dd2ad4e0e4efbbb81b90ae4bc7 In the current implementation of FIT_SIGNATURE, five parameters for a RSA public key are required while only two of them are essential. (See rsa-mod-exp.h and uImage.FIT/signature.txt) This is a result of considering relatively limited computer power and resources on embedded systems, while such a assumption may not be quite practical for other use cases. In this patch, added is a function, rsa_gen_key_prop(), which will generate additional parameters for other uses, in particular UEFI secure boot, on the fly. Note: the current code uses some "big number" routines from BearSSL for the calculation. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> 
In the current implementation of FIT_SIGNATURE, five parameters for
a RSA public key are required while only two of them are essential.
(See rsa-mod-exp.h and uImage.FIT/signature.txt)
This is a result of considering relatively limited computer power
and resources on embedded systems, while such a assumption may not
be quite practical for other use cases.

In this patch, added is a function, rsa_gen_key_prop(), which will
generate additional parameters for other uses, in particular
UEFI secure boot, on the fly.

Note: the current code uses some "big number" routines from BearSSL
for the calculation.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>