[PATCH v5 6/6] test/py: ecdsa: Add test for mkimage ECDSA signing

Tom Rini trini at konsulko.com
Thu Feb 18 01:29:59 CET 2021


On Wed, Feb 17, 2021 at 06:02:34PM -0600, Alex G. wrote:
> On 2/17/21 5:03 PM, Tom Rini wrote:
> > On Thu, Jan 28, 2021 at 09:52:48AM -0600, Alexandru Gagniuc wrote:
> > 
> > > Add a test to make sure that the ECDSA signatures generated by
> > > mkimage can be verified successfully. pyCryptodomex was chosen as the
> > > crypto library because it integrates much better with python code.
> > > Using openssl would have been unnecessarily painful.
> > > 
> > > Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> > > Reviewed-by: Simon Glass <sjg at chromium.org>
> > 
> > So, to run this test I've done a "pip install -r
> > test/py/requirements.txt" to make sure I have everything now needed
> > installed.  When I run this test (building in /tmp):
> > +/tmp/.bm-work/sandbox/tools/mkimage -F /tmp/.bm-work/sandbox/test.fit -k/tmp/.bm-work/sandbox/ecdsa-test-key.pem
> > Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem'
> > Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem'
> > Failed to sign 'signature' signature node in 'kernel' image node: -2
> > Failed to sign 'signature' signature node in 'fdt-1' image node: -2
> > FIT description: Chrome OS kernel image with one or more FDT blobs
> > ...
> > +fdtget -tbi /tmp/.bm-work/sandbox/test.fit /images/kernel/signature value
> > Error at 'value': FDT_ERR_NOTFOUND
> > 
> > Which I think means that since we have a key-name-hint of "dev" it's
> > taking the -k argument as a keydir and that's where it goes wrong.
> 
> Did this happen with this series alone?
> I realize not that also applying "mkimage: Add a 'keyfile' argument for
> image signing" would cause this. I shoudl have (but forgot to) update the
> test in that series. I'll update the other series if you want to pull them
> in together.

No, this was with the other series applied as well.  In the end, please
make sure that yes, the tests all pass.  If it's easier to combine both
series, that's fine.  Thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210217/1f1577e8/attachment.sig>


More information about the U-Boot mailing list