diff options
| author | Sascha Hauer <s.hauer@pengutronix.de> | 2019-10-01 23:40:24 +0200 |
|---|---|---|
| committer | Sascha Hauer <s.hauer@pengutronix.de> | 2019-10-15 14:55:11 +0200 |
| commit | b39100bcea12b29d64c536ea5f4c57380dfcf056 (patch) | |
| tree | a0a33c844c9552e4e46aba3f01109332b63af1a8 /crypto/Kconfig | |
| parent | d091a81f3ece732826dd4dec0b241624159ae1d6 (diff) | |
| download | barebox-b39100bcea12b29d64c536ea5f4c57380dfcf056.tar.gz barebox-b39100bcea12b29d64c536ea5f4c57380dfcf056.tar.xz | |
rsa: Allow to directly compile in rsa public keys
So far we relied on the U-Boot mkimage tool to generate us device tree
snippets containing rsa public keys which we then compiled into barebox.
Make this easier and allow to directly specify a filename or PKCS#11 URI
in Kconfig. With this we no longer need the U-Boot mkimage tool here and
no more external steps to prepare device tree snippets.
With this rsa public keys can be directly compiled as C structs into
barebox which is much more direct than putting it into the device tree.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'crypto/Kconfig')
| -rw-r--r-- | crypto/Kconfig | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index c06d3c054e..7cc8aceacb 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -94,6 +94,25 @@ config CRYPTO_PBKDF2 config CRYPTO_RSA bool +config CRYPTO_RSA_BUILTIN_KEYS + bool + default y if CRYPTO_RSA_KEY != "" + +config CRYPTO_RSA_KEY + depends on CRYPTO_RSA + string "RSA key to compile in" + help + This option should be a filename of a PEM-formatted file containing + X.509 certificates to be included into barebox. If the string starts + with "pkcs11:" it is interpreted as a PKCS#11 URI rather than a file. + +config CRYPTO_RSA_KEY_NAME_HINT + depends on CRYPTO_RSA + string "FIT image key name hint" + help + In FIT images keys are identified by a key name hint string. Provide + the key name hint here. + config CRYPTO_KEYSTORE bool "Keystore" help |