efi: Correct dependency on FIT_SIGNATURE

At present EFI_SECURE BOOT selects RSA but does not necessarily enable FIT_SIGNATURE. Mostly this is fine, but a few boards do not enable it, so U-Boot tries to do RSA verification when loading FIT images, but it is not enabled. This worked because the condition for checking the RSA signature is wrong in the fit_image_verify_with_data() function. In order to fix it we need to fix this dependency. Make sure that FIT_SIGNATURE is enabled so that RSA can be used. It might be better to avoid using 'select' in this situation. Signed-off-by: Simon Glass <sjg@chromium.org>
author: Simon Glass <sjg@chromium.org> 2021-09-25 19:43:29 -0600
committer: Tom Rini <trini@konsulko.com> 2021-10-08 15:53:27 -0400
commit: 1eccbb16a2c0427488d91e169572c3c397c4c1d5 (patch)
tree: 6f427f7fe153dec1741da9a65ba7cf1359070cd0
parent: fa13940740e5ce1822611205bb8ac329c91306fd (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index 3d5a5cd189e..83d584a60e5 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -336,7 +336,7 @@ config EFI_LOAD_FILE2_INITRD
 
 config EFI_SECURE_BOOT
 	bool "Enable EFI secure boot support"
-	depends on EFI_LOADER
+	depends on EFI_LOADER && FIT_SIGNATURE
 	select HASH
 	select SHA256
 	select RSA
author	Simon Glass <sjg@chromium.org>	2021-09-25 19:43:29 -0600
committer	Tom Rini <trini@konsulko.com>	2021-10-08 15:53:27 -0400
commit	1eccbb16a2c0427488d91e169572c3c397c4c1d5 (patch)
tree	6f427f7fe153dec1741da9a65ba7cf1359070cd0
parent	fa13940740e5ce1822611205bb8ac329c91306fd (diff)