verified-boot: Minimal support for booting U-Boot proper from SPL
This allows a board to configure verified boot within the SPL using
a FIT or FIT with external data. It also allows the SPL to perform
signature verification without needing relocation.
The board configuration will need to add the following feature defines:
CONFIG_SPL_CRYPTO_SUPPORT
CONFIG_SPL_HASH_SUPPORT
CONFIG_SPL_SHA256
In this example, SHA256 is the only selected hashing algorithm.
And the following booleans:
CONFIG_SPL=y
CONFIG_SPL_DM=y
CONFIG_SPL_LOAD_FIT=y
CONFIG_SPL_FIT=y
CONFIG_SPL_OF_CONTROL=y
CONFIG_SPL_OF_LIBFDT=y
CONFIG_SPL_FIT_SIGNATURE=y
Signed-off-by: Teddy Reed <teddy.reed@gmail.com>
Acked-by: Simon Glass <sjg@chromium.org>
Acked-by: Andreas Dannenberg <dannenberg@ti.com>
Acked-by: Sumit Garg <sumit.garg@nxp.com>
diff --git a/lib/rsa/Kconfig b/lib/rsa/Kconfig
index 86df0a0..09ec358 100644
--- a/lib/rsa/Kconfig
+++ b/lib/rsa/Kconfig
@@ -13,6 +13,10 @@
option. The software based modular exponentiation is built into
mkimage irrespective of this option.
+config SPL_RSA
+ bool "Use RSA Library within SPL"
+ depends on RSA
+
if RSA
config RSA_SOFTWARE_EXP
bool "Enable driver for RSA Modular Exponentiation in software"
diff --git a/lib/rsa/Makefile b/lib/rsa/Makefile
index 6867e50..4b2c1ba 100644
--- a/lib/rsa/Makefile
+++ b/lib/rsa/Makefile
@@ -7,5 +7,5 @@
# SPDX-License-Identifier: GPL-2.0+
#
-obj-$(CONFIG_FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
+obj-$(CONFIG_$(SPL_)FIT_SIGNATURE) += rsa-verify.o rsa-checksum.o
obj-$(CONFIG_RSA_SOFTWARE_EXP) += rsa-mod-exp.o