boot: fix incorrect dependency of FIT_RSASSA_PSS

This padding has nothing to do with FIT except that we can make use of
it when verifying the FIT signatures.

This padding can also be used to verify the signature "manually" e.g. by
calling rsa_verify_hash() directly with an embedded public key.

Additionally, this padding is only useful if RSA (and specifically
RSA_VERIFY) is enabled otherwise it's not used.
The only other place it's used is in rsa-sign.c which is only built for
the host tools and handled by TOOLS_FIT_RSASSA_PSS symbol instead, so no
need to care for that one.

Finally, the FIT_SIGNATURE dependency also wasn't enough because it only
implies RSA_VERIFY, meaning it can be disabled and still have
FIT_RSASSA_PSS enabled.

So add a dependency on RSA_VERIFY and reword the input prompt.

Signed-off-by: Quentin Schulz <[email protected]>

1 files changed, 4 insertions, 4 deletions

diff --git a/boot/Kconfig b/boot/Kconfig
index 9adb051400f..c5159b3b73b 100644
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -117,8 +117,8 @@ config FIT_SIGNATURE_MAX_SIZE
 	  space.
 
 config FIT_RSASSA_PSS
-	bool "Support rsassa-pss signature scheme of FIT image contents"
-	depends on FIT_SIGNATURE
+	bool "Support rsassa-pss signature scheme"
+	depends on RSA_VERIFY
 	help
 	  Enable this to support the pss padding algorithm as described
 	  in the rfc8017 (https://tools.ietf.org/html/rfc8017).
@@ -225,8 +225,8 @@ config SPL_FIT_SIGNATURE_MAX_SIZE
 	  space.
 
 config SPL_FIT_RSASSA_PSS
-	bool "Support rsassa-pss signature scheme of FIT image contents in SPL"
-	depends on SPL_FIT_SIGNATURE
+	bool "Support rsassa-pss signature scheme in SPL"
+	depends on SPL_RSA_VERIFY
 	help
 	  Enable this to support the pss padding algorithm as described
 	  in the rfc8017 (https://tools.ietf.org/html/rfc8017) in SPL.