Fw: ECDSA for FIT Files in U-Boot

Thu Aug 8 10:21:15 CEST 2024

Hi Simon and Alexander,

Thank you both for these resources.

Hopefully they will provide more indication into why I cannot get ECDSA to work.

I have seen some of these resources (Admittedly I did only look partially at the one for the beagle bone board), however the patch series for barebox is new info for me.

I'll make sure to inspect these two in depth.

Again, thanks to both of you.

Regards,
Eden
________________________________
From: Simon Glass <sjg at chromium.org>
Sent: 07 August 2024 15:36
To: Eden Hamilton VRC7 C <eden.hamilton at bt.com>
Cc: u-boot at lists.denx.de <u-boot at lists.denx.de>
Subject: Re: Fw: ECDSA for FIT Files in U-Boot

Hi Eden,

On Wed, 7 Aug 2024 at 07:59, Simon Glass <sjg at chromium.org> wrote:
>
> Hi Eden,
>
> I don't see it on the mailing list yet[1].
>
> Regards,
> Simon
>
> [1] https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.denx.de%2Flistinfo%2Fu-boot&data=05%7C02%7Ceden.hamilton%40bt.com%7Cc7df45e8437a427db8e708dcb6ee6a64%7Ca7f356889c004d5eba4129f146377ab0%7C0%7C0%7C638586382302555093%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=17yAjpT6FO5NJGfHqfBJRvg3K03nqkhW2xnD5kyoP98%3D&reserved=0<https://lists.denx.de/listinfo/u-boot>
>
> On Wed, 7 Aug 2024 at 02:21, <eden.hamilton at bt.com> wrote:
> >
> > Hi Simon,
> >
> > I have forwarded these emails as requested.
> >
> > Cheers,
> > Eden
> >
> > ________________________________
> > From: Simon Glass <sjg at chromium.org>
> > Sent: 06 August 2024 22:47
> > To: Eden Hamilton VRC7 C <eden.hamilton at bt.com>
> > Subject: Re: ECDSA for FIT Files in U-Boot
> >
> > Hi Eden,
> >
> > Would you mind sending this to the U-Boot mailing list and cc me?
> > There are quite a few people involved in the security side.
> >
> > Regards,
> > Simon
> >
> > On Tue, 6 Aug 2024 at 08:24, <eden.hamilton at bt.com> wrote:
> > >
> > > Hi there Simon!
> > >
> > > I am Eden, currently at BT trying to get ECDSA verified boot for FIT files working on U-Boot.
> > >
> > > I have observed that you have reviewed many patches/updates surrounding ECDSA in U-Boot.
> > >
> > > I have been trying to get this working, but it is appearing difficult due to no examples online.
> > >
> > > I was wondering, if you have any examples where you have managed to get this working? Perhaps examples of FIT files, DTBs etc - that you would not mind sharing with me.
> > >
> > > If you do not, then no worries.

OK, there it is, hidden under my ellipsis, thanks. Here are a few thoughts:

[1] is the general docs which I'm sure you've read
[2] Describes the process for a real board (with RSA, but the idea is similar)
[3] Is a test for ECDSA so you should be able to follow along with the
steps there to get something working

If you have problems, then a console trace is often useful.

Regards,
SImon

[1] https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.u-boot.org%2Fen%2Flatest%2Fusage%2Ffit%2Fsignature.htm&data=05%7C02%7Ceden.hamilton%40bt.com%7Cc7df45e8437a427db8e708dcb6ee6a64%7Ca7f356889c004d5eba4129f146377ab0%7C0%7C0%7C638586382302567690%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=fF9swWqhRl8yzTlT0Y%2FivJ9dqmRHkR98iEoyd6edGjk%3D&reserved=0<https://docs.u-boot.org/en/latest/usage/fit/signature.htm>
[2] https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.u-boot.org%2Fen%2Flatest%2Fusage%2Ffit%2Fbeaglebone_vboot.html&data=05%7C02%7Ceden.hamilton%40bt.com%7Cc7df45e8437a427db8e708dcb6ee6a64%7Ca7f356889c004d5eba4129f146377ab0%7C0%7C0%7C638586382302575865%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=nPtxC0tb9ORxeJOe1cxjx2MUqhj2c2z6kXJ4lFuqgBM%3D&reserved=0<https://docs.u-boot.org/en/latest/usage/fit/beaglebone_vboot.html>
[3] test/py/tests/test_fit_ecdsa.py