[PATCH v2 0/6] Enable ECDSA FIT verification for stm32mp
Alexandru Gagniuc
mr.nuke.me at gmail.com
Tue Mar 16 01:24:26 CET 2021
This series is Part II of the ECDSA saga. It applies on top of [1]:
* [PATCH v6 00/11] Add support for ECDSA image signing
I've designed the UCLASS_ECDSA such that it aligns with the ROM API
of the stm32mp. Instead of splitting the verification into
(1) curve operations and (2) modular exponentiation, I've
concatenated everything in a 'verify' step. It would be impossible to
split the steps and use the stm32mp ROM for verification.
Should more granular control be required, this API could be extended
at a later time. Until we have more hardware supporting ECDSA, this
is purely speculative.
The ROM API of the stm32mp is passed in 'r0' when the FSBL is called.
While we can save 'r0' in SPL, this series does not implement a
mechanism to pass this to u-boot. Thus the ROM API, and ECDSA
verification are only available for SPL. Although possible, extending
this to u-boot by adding the ROM address to the FDT blob, implementing
and verifying this is beyond the scope of this series.
Changes since v1:
- Add test to make sure the UCLASS is enabled
- Fix check against wrong sig_len in ecdsa_romapi.c
- s/U_BOOT_DEVICE/U_BOOT_DRVINFO/
- Use "if(!ret)" instead of "if (ret == 0)"
- Use uclass_first_device_err() instead of uclass_first_device()
- Make sure #includes are correctly alphabetized
Alexandru Gagniuc (6):
dm: crypto: Define UCLASS API for ECDSA signature verification
lib: ecdsa: Add skeleton to implement ecdsa verification in u-boot
lib: ecdsa: Implement signature verification for crypto_algo API
arm: stm32mp1: Implement ECDSA signature verification
Kconfig: FIT_SIGNATURE should not select RSA_VERIFY
test: dm: Add test for ECDSA UCLASS support
arch/arm/mach-stm32mp/Kconfig | 10 ++-
arch/arm/mach-stm32mp/Makefile | 1 +
arch/arm/mach-stm32mp/ecdsa_romapi.c | 106 ++++++++++++++++++++++
common/Kconfig.boot | 8 +-
configs/sandbox_defconfig | 2 +
include/crypto/ecdsa-uclass.h | 39 ++++++++
include/dm/uclass-id.h | 1 +
include/image.h | 10 +--
include/u-boot/rsa.h | 2 +-
lib/Kconfig | 1 +
lib/Makefile | 1 +
lib/ecdsa/Kconfig | 23 +++++
lib/ecdsa/Makefile | 1 +
lib/ecdsa/ecdsa-verify.c | 128 +++++++++++++++++++++++++++
test/dm/Makefile | 1 +
test/dm/ecdsa.c | 38 ++++++++
16 files changed, 361 insertions(+), 11 deletions(-)
create mode 100644 arch/arm/mach-stm32mp/ecdsa_romapi.c
create mode 100644 include/crypto/ecdsa-uclass.h
create mode 100644 lib/ecdsa/Kconfig
create mode 100644 lib/ecdsa/Makefile
create mode 100644 lib/ecdsa/ecdsa-verify.c
create mode 100644 test/dm/ecdsa.c
--
2.26.2
More information about the U-Boot
mailing list