[EXTERNAL] Re: [PATCH v2 6/6] test: dm: Add test for ECDSA UCLASS support

Tim Romanski tromanski at linux.microsoft.com
Wed Apr 7 19:29:55 CEST 2021


Update on current progress on U-Boot ECDSA verification: I've isolated 
the OpenSSL code required to verify a signature signed with the 
nistp256v1 curve, and I've written a small test program to show that the 
code works without any external dependencies [1]. Currently fitting the 
code into Alex's fork of U-Boot.

Question for Alex, I see your repo has a few branches related to ECDSA 
(patch-ecdsa-v[1-5], patch-mkimage-keyfile-v{1,2}). You sent me a link 
to 'patch-ecdsa-v1' in a previous email, is that the one that's being 
upstreamed? Should I be working off a different branch or is that one ok?

Tim

[1] https://github.com/timr11/openssl-ecdsa-verify

On 2021-03-30 2:27 p.m., Tim Romanski wrote:
> On 3/30/21 2:17PM, Alexandru Gagniuc <mr.nuke.me at gmail.com> wrote:
>> I don't have any updates from Tim that you don't. I assume he's still silently hacking at it.
> Yep, I'm working on a software implementation of ECDSA. Currently have the OpenSSL implementation for the nistp256 curve isolated, debugging a test program that verifies a signature on data that was randomly generated, then will need to clean up unnecessary code and fit it into U-Boot.
>
> CC'd my @linux.microsoft.com email, I prefer to use that one from now on.
>
> All the best,
> Tim
>
> -----Original Message-----
> From: Alex G. <mr.nuke.me at gmail.com>
> Sent: March 29, 2021 2:43 PM
> To: Simon Glass <sjg at chromium.org>
> Cc: U-Boot Mailing List <u-boot at lists.denx.de>; Tom Rini <trini at konsulko.com>; Tim Romanski <t-tromanski at microsoft.com>
> Subject: [EXTERNAL] Re: [PATCH v2 6/6] test: dm: Add test for ECDSA UCLASS support
>
> + Tim
>
> On 3/29/21 2:43 AM, Simon Glass wrote:
>> Hi Alexandru,
>>
>> On Tue, 16 Mar 2021 at 13:24, Alexandru Gagniuc <mr.nuke.me at gmail.com> wrote:
>>> This test verifies that ECDSA_UCLASS is implemented, and that
>>> ecdsa_verify() works as expected. The definition of "expected" is
>>> "does not find a device, and returns -ENODEV".
>>>
>>> The lack of a hardware-independent ECDSA implementation prevents us
>>> from having one in the sandbox, for now.
>> Yes we do need a software impl at some point. Any update on that?
> I don't have any updates from Tim that you don't. I assume he's still silently hacking at it.
>
> Alex


More information about the U-Boot mailing list