[PATCH v3 0/6] Add support for ECDSA image signing (with test)
Alexandru Gagniuc
mr.nuke.me at gmail.com
Thu Jan 7 23:33:35 CET 2021
## Purpose and intent
The ROM code on the STM32MP requires an ECDSA-signed FSBL. Maintaining
verified boot through FIT images would require switching to an RSA key
after SPL. This would be stupid, so this series is focused on enabling
ECDSA signing. The use case that I am focused on is signing an
existing FIT image:
mkimage -F some-existing.fit --signing-key some/key.pem
I don't care about signing while assembling the FIT. The reason is
that I want the machine that builds things to be separate from the
machine that has access to the super-secret-key.pem. The purpose of
this series is to lay the foundations for ECDSA FIT signature
verification on STM32MP.
# Implementation
## Signing
I initially tried to model this after the RSA implementation
(rsa-sign.c), but that didn't go well for a few reasons:
(a) The openssl/libcrypto API is a pain in the ass
(b) The RSA path doesn't have a way to pass a specific key file.
On point (a), I don't want to spend too much time battling a C API for
crypto. I find pyCryptodomex to be vastly superior, but that is not
available for mkimage. I am thus focusing on the simple case of
key in, signature out.
On point (b), the RSA path takes the FDT property 'key-name-hint' to
decide which key file to read from disk. In the context of "which fdt
node describes my signing key", this makes sense. On the other hand,
'key-name-hint' is also used as the basename of where the key is on the
filesystem. This leads to some funny search paths, such as
"some/dir/(null).key"
So I am using the -K option to mkimage as the _full_ path to the key
file. It doesn't have to be named .key, it doesn't have to be named
.crt, and it doesn't have to exist in a particular directory (as is
the case for the RSA path). Take that as is for here -- we can discuss
the merits of this in a separate thread.
## Verification
This will be implemented in a future patch series. The proof of concept
is on github:
https://github.com/mrnuke/u-boot/commits/patch-stm32-ecdsa
# Testing
test/py/tests/test_fit_ecdsa.py is implementing a test for mkimage. It
lets mkimage run wild, tehn verifies the signature against
pyCryptodomex -- see earlier point on for I didn't use openssl.
# Things not yet resolved:
- is mkimage '-k' supposed to be a directory or file path
I'm hoping I can postpone answering this question pending further discussion.
# Changes since v1 and v2:
- Added lots of function comments
- Replaced hardcoded error numbers with more meaningful errno numbers
- CHanged some error paths to use 'return log_msg_ret'
Alexandru Gagniuc (6):
lib: Rename rsa-checksum.c to hash-checksum.c
lib/rsa: Make fdt_add_bignum() available outside of RSA code
lib: Add support for ECDSA image signing
doc: signature.txt: Document devicetree format for ECDSA keys
test/py: Add pycryptodomex to list of required pakages
test/py: ecdsa: Add test for mkimage ECDSA signing
common/image-fit-sig.c | 2 +-
common/image-sig.c | 13 +-
doc/uImage.FIT/signature.txt | 7 +-
include/image.h | 5 +-
include/u-boot/ecdsa.h | 94 ++++++
include/u-boot/fdt-libcrypto.h | 27 ++
.../{rsa-checksum.h => hash-checksum.h} | 0
lib/Makefile | 1 +
lib/crypto/pkcs7_verify.c | 2 +-
lib/crypto/x509_public_key.c | 2 +-
lib/ecdsa/ecdsa-libcrypto.c | 306 ++++++++++++++++++
lib/fdt-libcrypto.c | 72 +++++
lib/{rsa/rsa-checksum.c => hash-checksum.c} | 3 +-
lib/rsa/Makefile | 2 +-
lib/rsa/rsa-sign.c | 65 +---
test/py/requirements.txt | 1 +
test/py/tests/test_fit_ecdsa.py | 111 +++++++
tools/Makefile | 7 +-
18 files changed, 645 insertions(+), 75 deletions(-)
create mode 100644 include/u-boot/ecdsa.h
create mode 100644 include/u-boot/fdt-libcrypto.h
rename include/u-boot/{rsa-checksum.h => hash-checksum.h} (100%)
create mode 100644 lib/ecdsa/ecdsa-libcrypto.c
create mode 100644 lib/fdt-libcrypto.c
rename lib/{rsa/rsa-checksum.c => hash-checksum.c} (96%)
create mode 100644 test/py/tests/test_fit_ecdsa.py
--
2.26.2
More information about the U-Boot
mailing list