boot: fix incorrect dependency of FIT_RSASSA_PSS

This padding has nothing to do with FIT except that we can make use of
it when verifying the FIT signatures.

This padding can also be used to verify the signature "manually" e.g. by
calling rsa_verify_hash() directly with an embedded public key.

Additionally, this padding is only useful if RSA (and specifically
RSA_VERIFY) is enabled otherwise it's not used.
The only other place it's used is in rsa-sign.c which is only built for
the host tools and handled by TOOLS_FIT_RSASSA_PSS symbol instead, so no
need to care for that one.

Finally, the FIT_SIGNATURE dependency also wasn't enough because it only
implies RSA_VERIFY, meaning it can be disabled and still have
FIT_RSASSA_PSS enabled.

So add a dependency on RSA_VERIFY and reword the input prompt.

Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>

diff --git a/boot/Kconfig b/boot/Kconfig
index 9adb051400f3659566721fff6531e25990266806..c5159b3b73bf453268d1a2de13e06e19db24abd5 100644 (file)
--- a/boot/Kconfig
+++ b/boot/Kconfig
@@ -117,8 +117,8 @@ config FIT_SIGNATURE_MAX_SIZE
          space.
 
 config FIT_RSASSA_PSS
-       bool "Support rsassa-pss signature scheme of FIT image contents"
-       depends on FIT_SIGNATURE
+       bool "Support rsassa-pss signature scheme"
+       depends on RSA_VERIFY
        help
          Enable this to support the pss padding algorithm as described
          in the rfc8017 (https://tools.ietf.org/html/rfc8017).
@@ -225,8 +225,8 @@ config SPL_FIT_SIGNATURE_MAX_SIZE
          space.
 
 config SPL_FIT_RSASSA_PSS
-       bool "Support rsassa-pss signature scheme of FIT image contents in SPL"
-       depends on SPL_FIT_SIGNATURE
+       bool "Support rsassa-pss signature scheme in SPL"
+       depends on SPL_RSA_VERIFY
        help
          Enable this to support the pss padding algorithm as described
          in the rfc8017 (https://tools.ietf.org/html/rfc8017) in SPL.