diff options
author | Soby Mathew <soby.mathew@arm.com> | 2017-08-31 11:50:29 +0100 |
---|---|---|
committer | Soby Mathew <soby.mathew@arm.com> | 2017-08-31 16:42:11 +0100 |
commit | a8eb286adaa73e86305317b9cae15d41c57de8e7 (patch) | |
tree | dfb4cbd2168a73d0dabf2e2472e9a414a40dc916 /docs | |
parent | 2091755c5e3b8d94333b9aad742e61db9d754cc5 (diff) |
cert_tool: Support for legacy RSA PKCS#1 v1.5
This patch enables choice of RSA version at run time to be used for
generating signatures by the cert_tool. The RSA PSS as defined in
PKCS#1 v2.1 becomes the default version and this patch enables to specify
the RSA PKCS#1 v1.5 algorithm to `cert_create` through the command line
-a option. Also, the build option `KEY_ALG` can be used to pass this
option from the build system. Please note that RSA PSS is mandated
by Trusted Board Boot requirements (TBBR) and legacy RSA support is
being added for compatibility reasons.
Fixes ARM-Software/tf-issues#499
Change-Id: Ifaa3f2f7c9b43f3d7b3effe2cde76bf6745a5d73
Co-Authored-By: Eleanor Bonnici <Eleanor.bonnici@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Diffstat (limited to 'docs')
-rw-r--r-- | docs/user-guide.rst | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/docs/user-guide.rst b/docs/user-guide.rst index 1502c8c1..1181495c 100644 --- a/docs/user-guide.rst +++ b/docs/user-guide.rst @@ -407,8 +407,10 @@ Common build options - ``KEY_ALG``: This build flag enables the user to select the algorithm to be used for generating the PKCS keys and subsequent signing of the certificate. - It accepts 2 values viz ``rsa``, ``ecdsa``. The default value of this flag - is ``rsa``. + It accepts 3 values viz ``rsa``, ``rsa_1_5``, ``ecdsa``. The ``rsa_1_5`` is + the legacy PKCS#1 RSA 1.5 algorithm which is not TBBR compliant and is + retained only for compatibility. The default value of this flag is ``rsa`` + which is the TBBR compliant PKCS#1 RSA 2.1 scheme. - ``LDFLAGS``: Extra user options appended to the linkers' command line in addition to the one set by the build system. |