U-Boot "lib: Add support for ECDSA image signing" commit breaks socfpga_*_atf_defconfig compilation

Alex G. mr.nuke.me at gmail.com
Mon May 31 21:01:10 CEST 2021

On 4/24/21 2:43 AM, Lim, Elly Siew Chin wrote:
> Add this discussion to denx mailing list.


> I can think of two enhancement to fix this:
> (1) Add separate CONFIG to gate ECDSA algorithm. This enhancement benefits all use cases. I assume not all user need ECDSA algorithm when FIT_SIGNATURE is used.
> (2) Enhance spl/spl_fit.c to support verification of data integrity based on hash(es) in FIT image instead of based on FIT_SIGNATURE.
> What do you think? If you agree:
> For (1), can we ask Alex's help to change it?
> For (2), who will be the right person to change this kind of common code?

FYI, I proposed a change to decouple OpenSSL from FIT_SIGNATURE [1]


That would enable you to have FIT_SIGNATURE, but not need OpenSSL 
support in mkimage.


More information about the U-Boot mailing list