From 63686bf6e02b57a259e6e08d6439a7d1e154f5cc Mon Sep 17 00:00:00 2001 From: Quentin Schulz Date: Fri, 31 Oct 2025 18:08:20 +0100 Subject: [PATCH] boot: fix incorrect dependency of FIT_RSASSA_PSS This padding has nothing to do with FIT except that we can make use of it when verifying the FIT signatures. This padding can also be used to verify the signature "manually" e.g. by calling rsa_verify_hash() directly with an embedded public key. Additionally, this padding is only useful if RSA (and specifically RSA_VERIFY) is enabled otherwise it's not used. The only other place it's used is in rsa-sign.c which is only built for the host tools and handled by TOOLS_FIT_RSASSA_PSS symbol instead, so no need to care for that one. Finally, the FIT_SIGNATURE dependency also wasn't enough because it only implies RSA_VERIFY, meaning it can be disabled and still have FIT_RSASSA_PSS enabled. So add a dependency on RSA_VERIFY and reword the input prompt. Signed-off-by: Quentin Schulz --- boot/Kconfig | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/boot/Kconfig b/boot/Kconfig index 9adb051400f..c5159b3b73b 100644 --- a/boot/Kconfig +++ b/boot/Kconfig @@ -117,8 +117,8 @@ config FIT_SIGNATURE_MAX_SIZE space. config FIT_RSASSA_PSS - bool "Support rsassa-pss signature scheme of FIT image contents" - depends on FIT_SIGNATURE + bool "Support rsassa-pss signature scheme" + depends on RSA_VERIFY help Enable this to support the pss padding algorithm as described in the rfc8017 (https://tools.ietf.org/html/rfc8017). @@ -225,8 +225,8 @@ config SPL_FIT_SIGNATURE_MAX_SIZE space. config SPL_FIT_RSASSA_PSS - bool "Support rsassa-pss signature scheme of FIT image contents in SPL" - depends on SPL_FIT_SIGNATURE + bool "Support rsassa-pss signature scheme in SPL" + depends on SPL_RSA_VERIFY help Enable this to support the pss padding algorithm as described in the rfc8017 (https://tools.ietf.org/html/rfc8017) in SPL. -- 2.47.3