2 files changed, 15 insertions, 0 deletions

diff --git a/src/security/vboot/Kconfig b/src/security/vboot/Kconfig
index 9d90d1ee92..56e94d52ae 100644
--- a/src/security/vboot/Kconfig
+++ b/src/security/vboot/Kconfig
@@ -301,6 +301,15 @@ config VBOOT_X86_SHA256_ACCELERATION
 	  Use sha256msg1, sha256msg2, sha256rnds2 instruction to accelerate
 	  SHA hash calculation in vboot.
 
+config VBOOT_X86_RSA_ACCELERATION
+	bool "Use SSE2 instructions for RSA signature verification"
+	default n
+	depends on ARCH_X86
+	help
+	  Use paddq, pmuludq, psrlq, punpckldq and punpcklqdq SSE2
+	  instructions to accelerate the modulus exponentiation which
+	  is part of the RSA signature verification process.
+
 config VBOOT_ARMV8_CE_SHA256_ACCELERATION
 	bool "Use ARMv8 Crypto Extension for sha256 hash calculation"
 	default y if CHROMEOS
diff --git a/src/security/vboot/Makefile.inc b/src/security/vboot/Makefile.inc
index fadc67320f..1689efb155 100644
--- a/src/security/vboot/Makefile.inc
+++ b/src/security/vboot/Makefile.inc
@@ -30,6 +30,8 @@ $$(VBOOT_LIB_$(1)): $(obj)/config.h
 	EC_EFS="$(CONFIG_VBOOT_EC_EFS)" \
 	X86_SHA_EXT="$(if $(CONFIG_ARCH_$(call toupper,$(1))_X86_32)$(CONFIG_ARCH_$(call toupper,$(1))_X86_64),$\
 			$(CONFIG_VBOOT_X86_SHA256_ACCELERATION))" \
+	VB2_X86_RSA_ACCELERATION="$(if $(CONFIG_ARCH_$(call toupper,$(1))_X86_32)$(CONFIG_ARCH_$(call toupper,$(1))_X86_64),$\
+			$(CONFIG_VBOOT_X86_RSA_ACCELERATION))" \
 	ARMV8_CRYPTO_EXT="$(if $(CONFIG_ARCH_$(call toupper,$(1))_ARMV8_64),$$(CONFIG_VBOOT_ARMV8_CE_SHA256_ACCELERATION))" \
 	$(MAKE) -C $(VBOOT_SOURCE) \
 		BUILD=$$(abspath $$(dir $$(VBOOT_LIB_$(1)))) \
@@ -129,6 +131,10 @@ ramstage-$(CONFIG_MRC_SAVE_HASH_IN_TPM) += mrc_cache_hash_tpm.c
 
 ramstage-$(CONFIG_SOC_AMD_GFX_CACHE_VBIOS_IN_FMAP) += vbios_cache_hash_tpm.c
 
+ifeq ($(CONFIG_VBOOT_X86_RSA_ACCELERATION),y)
+CPPFLAGS_common += -DVB2_X86_RSA_ACCELERATION
+endif
+
 ifeq ($(CONFIG_VBOOT_SEPARATE_VERSTAGE),y)
 
 $(eval $(call vboot-for-stage,verstage))