From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>,
Barebox List <barebox@lists.infradead.org>
Subject: Re: [PATCH v4 08/16] crypto: rsa: include key name hint into CONFIG_CRYPTO_RSA_KEY
Date: Fri, 27 Sep 2024 09:55:42 +0200 [thread overview]
Message-ID: <db84ae7d-c690-474f-87be-c0897fd2425f@pengutronix.de> (raw)
In-Reply-To: <20240913075924.1652866-9-s.hauer@pengutronix.de>
On 13.09.24 09:59, Sascha Hauer wrote:
> Set the key name hint in CONFIG_CRYPTO_RSA_KEY. CONFIG_CRYPTO_RSA_KEY
> now has the form:
>
> <key_name_hint>:<filename/uri>
>
> This is done in preparation to make CONFIG_CRYPTO_RSA_KEY a list of
> keys.
>
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Reviewed-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> ---
> crypto/Kconfig | 9 ++-------
> crypto/Makefile | 2 +-
> 2 files changed, 3 insertions(+), 8 deletions(-)
>
> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index 78b499f646..64a016eb2c 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
> @@ -130,17 +130,12 @@ config CRYPTO_RSA_KEY
> This option should be a filename of a PEM-formatted file containing
> X.509 certificates to be included into barebox. If the string starts
> with "pkcs11:" it is interpreted as a PKCS#11 URI rather than a file.
> + If the string starts with a <hint>: prefix, <hint> is used as a key
> + name hint to find a key without iterating over all keys.
>
> This avoids the mkimage dependency of CONFIG_BOOTM_FITIMAGE_PUBKEY
> at the cost of an openssl build-time dependency.
>
> -config CRYPTO_RSA_KEY_NAME_HINT
> - depends on CRYPTO_RSA
> - string "FIT image key name hint"
> - help
> - In FIT images keys are identified by a key name hint string. Provide
> - the key name hint here.
> -
> config CRYPTO_KEYSTORE
> bool "Keystore"
> help
> diff --git a/crypto/Makefile b/crypto/Makefile
> index 5a484355f3..b2bd7fae6a 100644
> --- a/crypto/Makefile
> +++ b/crypto/Makefile
> @@ -30,5 +30,5 @@ $(obj)/rsa.o: $(obj)/rsa-keys.h
> CONFIG_CRYPTO_RSA_KEY := $(CONFIG_CRYPTO_RSA_KEY:"%"=%)
>
> $(obj)/rsa-keys.h: FORCE
> - $(call cmd,public_keys,$(CONFIG_CRYPTO_RSA_KEY_NAME_HINT):$(CONFIG_CRYPTO_RSA_KEY))
> + $(call cmd,public_keys,$(CONFIG_CRYPTO_RSA_KEY))
> endif
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2024-09-27 7:57 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-13 7:59 [PATCH v4 00/16] Add ECDSA support for FIT image verification Sascha Hauer
2024-09-13 7:59 ` [PATCH v4 01/16] keytoc: remove ECDSA dts support Sascha Hauer
2024-09-25 8:53 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 02/16] keytoc: fail in case gen_key() fails Sascha Hauer
2024-09-25 8:53 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 03/16] keytoc: fix ECDSA endianess problems Sascha Hauer
2024-09-27 8:11 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 04/16] keytoc: remove duplicate __ENV__ check Sascha Hauer
2024-09-27 6:59 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 05/16] crypto: Makefile: make simpler Sascha Hauer
2024-09-27 7:01 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 06/16] crypto/Makefile: Drop unnecessary dependencies Sascha Hauer
2024-09-27 7:03 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 07/16] keytoc: make key name hint optional Sascha Hauer
2024-09-27 8:18 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 08/16] crypto: rsa: include key name hint into CONFIG_CRYPTO_RSA_KEY Sascha Hauer
2024-09-27 7:55 ` Ahmad Fatoum [this message]
2024-09-13 7:59 ` [PATCH v4 09/16] crypto: rsa: encapsulate rsa keys in public keys struct Sascha Hauer
2024-09-27 8:02 ` Ahmad Fatoum
2024-09-27 11:11 ` Sascha Hauer
2024-09-13 7:59 ` [PATCH v4 10/16] crypto: add public_key functions Sascha Hauer
2024-09-27 8:20 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 11/16] crypto: builtin_keys: Allow to specify multiple keys in CONFIG_CRYPTO_PUBLIC_KEYS Sascha Hauer
2024-09-25 8:22 ` Sascha Hauer
2024-09-13 7:59 ` [PATCH v4 12/16] crypto: public-keys: use array of public_keys Sascha Hauer
2024-09-13 7:59 ` [PATCH v4 13/16] crypto: rsa: create static inline wrapper for rsa_verify() Sascha Hauer
2024-09-27 8:09 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 14/16] Add elliptic curve cryptography (ECC) helper functions Sascha Hauer
2024-09-13 7:59 ` [PATCH v4 15/16] crypto: add ECDSA support Sascha Hauer
2024-09-27 8:07 ` Ahmad Fatoum
2024-09-13 7:59 ` [PATCH v4 16/16] crypto: make RSA a visible option Sascha Hauer
2024-09-27 11:23 ` [PATCH v4 00/16] Add ECDSA support for FIT image verification Sascha Hauer
2024-09-27 11:23 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=db84ae7d-c690-474f-87be-c0897fd2425f@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=s.hauer@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox