[PATCH 0/5] Enable ECDSA FIT verification for stm32mp

Alexandru Gagniuc mr.nuke.me at gmail.com
Thu Jul 29 18:47:14 CEST 2021 

This series is based on the latest master, so no patch dependencies.

Q: Will there be a software-only implementation of ECDSA ?
A: That is the goal, so that we can have more extensive testing with
   the sandbox. I don not have the bandwidth to implement it. There
   has been an initial poer of software ecdsa here:
       https://github.com/timr11/u-boot/tree/ecdsa-vrf-1

Q: Can more code be shared with the RSA verification path?
A: Probably yes. Mostly having to do with parsing the "/signature"
   node and "key-name-hint"s in the u-boot FDT. Although there isn't
   any copypasted RSA code, or code with substantial similarity.

Changes since v5:
  - Fixed clang warning stemming from test/dm/ecdsa.c

Changes since v4:
  - Use U_BOOT_CRYPTO_ALGO() to add ECDSA to .u_boot_list
  - No need to #define IMAGE_ENABLE_VERIFY_ECDSA
  - Use ut_asserteq(x, -ENODEV) instead of ut_assert(x == -ENODEV)

Changes since v3:
  - Remove unused ecdsa_check_key() function

Changes since v2:
  - Spell out "elliptic curve" in Kconfig (Although RSA isn't spelled out)

Changes since v1:
  - Add test to make sure the UCLASS is enabled
  - Fix check against wrong sig_len in ecdsa_romapi.c
  - s/U_BOOT_DEVICE/U_BOOT_DRVINFO/
  - Use "if(!ret)" instead of "if (ret == 0)"
  - Use uclass_first_device_err() instead of uclass_fi

Alexandru Gagniuc (5):
  dm: crypto: Define UCLASS API for ECDSA signature verification
  lib: ecdsa: Implement UCLASS_ECDSA verification on target
  arm: stm32mp1: Implement ECDSA signature verification
  Kconfig: FIT_SIGNATURE should not select RSA_VERIFY
  test: dm: Add test for ECDSA UCLASS support

 arch/arm/mach-stm32mp/Kconfig        |   9 ++
 arch/arm/mach-stm32mp/Makefile       |   1 +
 arch/arm/mach-stm32mp/ecdsa_romapi.c | 102 ++++++++++++++++++++
 common/Kconfig.boot                  |   8 +-
 configs/sandbox_defconfig            |   2 +
 include/crypto/ecdsa-uclass.h        |  39 ++++++++
 include/dm/uclass-id.h               |   1 +
 lib/Kconfig                          |   1 +
 lib/Makefile                         |   1 +
 lib/ecdsa/Kconfig                    |  23 +++++
 lib/ecdsa/Makefile                   |   1 +
 lib/ecdsa/ecdsa-verify.c             | 134 +++++++++++++++++++++++++++
 test/dm/Makefile                     |   1 +
 test/dm/ecdsa.c                      |  38 ++++++++
 14 files changed, 357 insertions(+), 4 deletions(-)
 create mode 100644 arch/arm/mach-stm32mp/ecdsa_romapi.c
 create mode 100644 include/crypto/ecdsa-uclass.h
 create mode 100644 lib/ecdsa/Kconfig
 create mode 100644 lib/ecdsa/Makefile
 create mode 100644 lib/ecdsa/ecdsa-verify.c
 create mode 100644 test/dm/ecdsa.c

-- 
2.31.1

More information about the U-Boot mailing list