[PATCH] mkimage: ecdsa: add signature/key nodes to dtb if missing

Matthias Pritschet matthias at pritschet.eu
Tue Aug 27 18:00:54 CEST 2024


From: Matthias Pritschet <matthias.pritschet at itk-engineering.de>

If the signature/key node(s) are not yet present in the U-Boot device
tree, ecdsa_add_verify_data simply fails if it can't find the nodes.
This behaviour differs from rsa_add_verify_data, which does add the missing
nodes and proceeds in that case.

This change is mainly copy&paste from rsa_add_verify_data to add the
same behaviour to ecdsa_add_verify_data.

Signed-off-by: Matthias Pritschet <matthias.pritschet at itk-engineering.de>
---
 lib/ecdsa/ecdsa-libcrypto.c | 36 +++++++++++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 7 deletions(-)

diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 5fa9be10b4..db0a828a29 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -281,16 +281,35 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
 	BIGNUM *x, *y;
 
 	signature_node = fdt_subnode_offset(fdt, 0, FIT_SIG_NODENAME);
-	if (signature_node < 0) {
-		fprintf(stderr, "Could not find 'signature node: %s\n",
+	if (signature_node == -FDT_ERR_NOTFOUND) {
+		signature_node = fdt_add_subnode(fdt, 0, FIT_SIG_NODENAME);
+		if (signature_node < 0) {
+			if (signature_node != -FDT_ERR_NOSPACE) {
+				fprintf(stderr, "Couldn't create signature node: %s\n",
+					fdt_strerror(signature_node));
+			}
+			return signature_node;
+		}
+	} else if (signature_node < 0) {
+		fprintf(stderr, "Cannot select keys signature_node: %s\n",
 			fdt_strerror(signature_node));
 		return signature_node;
 	}
 
-	key_node = fdt_add_subnode(fdt, signature_node, key_node_name);
-	if (key_node < 0) {
-		fprintf(stderr, "Could not create '%s' node: %s\n",
-			key_node_name, fdt_strerror(key_node));
+	/* Either create or overwrite the named key node */
+	key_node = fdt_subnode_offset(fdt, signature_node, key_node_name);
+	if (key_node == -FDT_ERR_NOTFOUND) {
+		key_node = fdt_add_subnode(fdt, signature_node, key_node_name);
+		if (key_node < 0) {
+			if (key_node != -FDT_ERR_NOSPACE) {
+				fprintf(stderr, "Could not create key subnode: %s\n",
+					fdt_strerror(key_node));
+			}
+			return key_node;
+		}
+	} else if (key_node < 0) {
+		fprintf(stderr, "Cannot select keys key_node: %s\n",
+			fdt_strerror(key_node));
 		return key_node;
 	}
 
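Review bot: When a node named `key_node_name` already exists under the signature node, the new `fdt_subnode_offset()` branch reuses it silently, so a previously provisioned public key is replaced with no diagnostic, and any property the rest of do_add does not rewrite would be carried over from the old key. These nodes are the trust anchor for image verification, so I would at least report the overwrite with an `else` branch such as `fprintf(stderr, "Overwriting existing key node '%s'\n", key_node_name);`, or delete and re-create the node if stale properties are possible. The new messages also drop the key name that the removed `"Could not create '%s' node: %s\n"` printed; keeping `key_node_name` in them helps when several keys are added. do_add's body continues outside the hunk, so whether every property is rewritten cannot be confirmed from here.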
@@ -326,8 +345,11 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
 
 	fdt_key_name = info->keyname ? info->keyname : "default-key";
 	ret = prepare_ctx(&ctx, info);
-	if (ret >= 0)
+	if (ret >= 0){
 		ret = do_add(&ctx, fdt, fdt_key_name);
+		if (ret < 0)
+			ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
+	}
 
 	free_ctx(&ctx);
 	return ret;
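Review bot: `if (ret >= 0){` is missing the space before the brace that the other conditionals in this patch use; it should read `if (ret >= 0) {`. The mapping `ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO` deserves a short comment on why -ENOSPC is kept distinct, for example `/* keep -ENOSPC distinct so the caller can tell "FDT too small" from a hard failure */`. It also assumes do_add returns only libfdt codes, which cannot be checked here because the tail of do_add is outside the diff. A failure from prepare_ctx() is still passed through unmapped, so callers of ecdsa_add_verify_data may see two error-code conventions.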
-- 
2.34.1


