U-Boot "lib: Add support for ECDSA image signing" commit breaks socfpga_*_atf_defconfig compilation
Alex G.
mr.nuke.me at gmail.com
Mon May 31 21:01:10 CEST 2021
On 4/24/21 2:43 AM, Lim, Elly Siew Chin wrote:
> Add this discussion to denx mailing list.
[snip]
>
> I can think of two enhancement to fix this:
> (1) Add separate CONFIG to gate ECDSA algorithm. This enhancement benefits all use cases. I assume not all user need ECDSA algorithm when FIT_SIGNATURE is used.
> (2) Enhance spl/spl_fit.c to support verification of data integrity based on hash(es) in FIT image instead of based on FIT_SIGNATURE.
>
>
> What do you think? If you agree:
> For (1), can we ask Alex's help to change it?
> For (2), who will be the right person to change this kind of common code?
>
FYI, I proposed a change to decouple OpenSSL from FIT_SIGNATURE [1]
[1]
https://patchwork.ozlabs.org/project/uboot/patch/20210524202317.1492578-1-mr.nuke.me@gmail.com/
That would enable you to have FIT_SIGNATURE, but not need OpenSSL
support in mkimage.
Alex
More information about the U-Boot
mailing list