[PATCH v5 6/6] test/py: ecdsa: Add test for mkimage ECDSA signing
Alex G.
mr.nuke.me at gmail.com
Thu Feb 18 01:02:34 CET 2021
On 2/17/21 5:03 PM, Tom Rini wrote:
> On Thu, Jan 28, 2021 at 09:52:48AM -0600, Alexandru Gagniuc wrote:
>
>> Add a test to make sure that the ECDSA signatures generated by
>> mkimage can be verified successfully. pyCryptodomex was chosen as the
>> crypto library because it integrates much better with python code.
>> Using openssl would have been unnecessarily painful.
>>
>> Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
>> Reviewed-by: Simon Glass <sjg at chromium.org>
>
> So, to run this test I've done a "pip install -r
> test/py/requirements.txt" to make sure I have everything now needed
> installed. When I run this test (building in /tmp):
> +/tmp/.bm-work/sandbox/tools/mkimage -F /tmp/.bm-work/sandbox/test.fit -k/tmp/.bm-work/sandbox/ecdsa-test-key.pem
> Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem'
> Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem'
> Failed to sign 'signature' signature node in 'kernel' image node: -2
> Failed to sign 'signature' signature node in 'fdt-1' image node: -2
> FIT description: Chrome OS kernel image with one or more FDT blobs
> ...
> +fdtget -tbi /tmp/.bm-work/sandbox/test.fit /images/kernel/signature value
> Error at 'value': FDT_ERR_NOTFOUND
>
> Which I think means that since we have a key-name-hint of "dev" it's
> taking the -k argument as a keydir and that's where it goes wrong.
Did this happen with this series alone?
I realize now that also applying "mkimage: Add a 'keyfile' argument for
image signing" would cause this. I should have (but forgot to) update
the test in that series. I'll update the other series if you want to
pull them in together.
Alex