[PATCH v3 3/6] lib: Add support for ECDSA image signing
sjg at chromium.org
Wed Jan 13 17:10:25 CET 2021
On Thu, 7 Jan 2021 at 15:34, Alexandru Gagniuc <mr.nuke.me at gmail.com> wrote:
> mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
> now supporting hardware-accelerated ECDSA, it makes sense to expand
> signing support to elliptic curves.
> Implement host-side ECDSA signing and verification with libcrypto.
> Device-side implementation of signature verification is beyond the
> scope of this patch.
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> common/image-sig.c | 11 +-
> include/image.h | 3 +
> include/u-boot/ecdsa.h | 94 +++++++++++
> lib/ecdsa/ecdsa-libcrypto.c | 306 ++++++++++++++++++++++++++++++++++++
> tools/Makefile | 3 +
> 5 files changed, 415 insertions(+), 2 deletions(-)
> create mode 100644 include/u-boot/ecdsa.h
> create mode 100644 lib/ecdsa/ecdsa-libcrypto.c
Reviewed-by: Simon Glass <sjg at chromium.org>
But you should check the return value of do_sign(). Why do you call
ecdsa_check_signature() afterwards? Can you not trust the library?
More information about the U-Boot