[PATCH v5 6/6] test/py: ecdsa: Add test for mkimage ECDSA signing
Tom Rini
trini at konsulko.com
Thu Feb 18 00:03:05 CET 2021
On Thu, Jan 28, 2021 at 09:52:48AM -0600, Alexandru Gagniuc wrote:
> Add a test to make sure that the ECDSA signatures generated by
> mkimage can be verified successfully. pyCryptodomex was chosen as the
> crypto library because it integrates much better with python code.
> Using openssl would have been unnecessarily painful.
>
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> Reviewed-by: Simon Glass <sjg at chromium.org>
So, to run this test I've done a "pip install -r
test/py/requirements.txt" to make sure I have everything now needed
installed. When I run this test (building in /tmp):
+/tmp/.bm-work/sandbox/tools/mkimage -F /tmp/.bm-work/sandbox/test.fit -k/tmp/.bm-work/sandbox/ecdsa-test-key.pem
Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem'
Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem'
Failed to sign 'signature' signature node in 'kernel' image node: -2
Failed to sign 'signature' signature node in 'fdt-1' image node: -2
FIT description: Chrome OS kernel image with one or more FDT blobs
...
+fdtget -tbi /tmp/.bm-work/sandbox/test.fit /images/kernel/signature value
Error at 'value': FDT_ERR_NOTFOUND
Which I think means that since we have a key-name-hint of "dev" it's
taking the -k argument as a keydir and that's where it goes wrong.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210217/3cf505fd/attachment.sig>
More information about the U-Boot
mailing list