[PATCH 0/5] Enable ECDSA FIT verification for stm32mp

Patrick DELAUNAY patrick.delaunay at foss.st.com
Tue Feb 9 16:08:55 CET 2021


Hi Alexandru,

On 1/11/21 4:41 PM, Alexandru Gagniuc wrote:
> This series is Part II of the ECDSA saga. It applies on top of [1]: *  > [PATCH v4 0/6] Add support for ECDSA image signing (with test) > > 
I've designed the UCLASS_ECDSA such that it aligns with the ROM API > of 
the stm32mp. Instead of splitting the verification into (1) curve > 
operations and (2) modular exponentiation, I've concatenated > 
everything in a 'verify' step. It would be impossible to split the > 
steps and use the stm32mp ROM for verification. > > Should more granular 
control be required, this API could be extended > at a later time. Until 
we have more hardware supporting ECDSA, this > is purely speculative. > 
 > The ROM API of the stm32mp is passed in 'r0' when the FSBL is > 
called. While we can save 'r0' in SPL, this series does not implement > 
a mechanism to pass this to u-boot. Thus the ROM API, and ECDSA > 
verification are only available for SPL. Although extending this to > 
u-boot by adding the ROM address to the FDT blob, implementing and > 
verifying this is beyond the scope of this series.

For information, today the STMicroelectronics expected that the boot 
sequence for secure boot

(with closed STM32MP1 devices) is the trusted boot chain.



TF-A (BL2) => OP-TEE or      => U-Boot =>  OS

                         TF-A (BL32)


BL2 is authenticated by ROM code, with EDCSA support.


I next OpenSTLinux release (and soon after in upstream) 
STMicroelectronics will add FIP support

for STM32MP15x; TF-A FIP allows to boot Kernel after TF-A BL2 if you 
want to skip U-Boot

TF-A (BL2) => FIP (OP-TEE + Kernel)


And the FIP allow authentication with certificate for 'secured boot' 
with a complete chain of trust.

https://trustedfirmware-a.readthedocs.io/en/latest/index.html


So the ECDSA support in SPL for STM32MP15x will be not actively 
supported by STMicroelectronics for product design.


> 

>  > [1] https://lists.denx.de/pipermail/u-boot/2021-January/436935.html > 
 > Alexandru Gagniuc (5): dm: crypto: Define UCLASS API for ECDSA > 
signature verification lib: ecdsa: Add skeleton to implement ecdsa > 
verification in u-boot lib: ecdsa: Implement signature verification > 
for crypto_algo API arm: stm32mp1: Implement ECDSA signature > 
verification Kconfig: FIT_SIGNATURE should not select RSA_VERIFY > > 
arch/arm/mach-stm32mp/Kconfig | 9 ++ > arch/arm/mach-stm32mp/Makefile | 
1 + > arch/arm/mach-stm32mp/ecdsa_romapi.c | 106 ++++++++++++++++++++++ 
 > common/Kconfig.boot | 8 +- > include/crypto/ecdsa-uclass.h | 39 
++++++++ > include/dm/uclass-id.h | 1 + include/image.h > | 10 +-- 
include/u-boot/rsa.h | 2 +- lib/Kconfig > | 1 + lib/Makefile | 1 + > 
lib/ecdsa/Kconfig | 23 +++++ lib/ecdsa/Makefile > | 1 + 
lib/ecdsa/ecdsa-verify.c | 128 > +++++++++++++++++++++++++++ 13 files 
changed, 320 insertions(+), 10 > deletions(-) create mode 100644 
arch/arm/mach-stm32mp/ecdsa_romapi.c > create mode 100644 
include/crypto/ecdsa-uclass.h create mode 100644 > lib/ecdsa/Kconfig 
create mode 100644 lib/ecdsa/Makefile create mode > 100644 
lib/ecdsa/ecdsa-verify.c >


Regards

Patrick




More information about the U-Boot mailing list