[PATCH v5 12/15] boot: pre-load: add support of ecdsa
Philippe Reynes
philippe.reynes at softathome.com
Tue Apr 21 23:09:51 CEST 2026
Right now, u-boot can only boot image with a
pre-load header with rsa. We add the support
of ecdsa.
Reviewed-by: Simon Glass <sjg at chromium.org>
Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
---
v3:
- initial version
v4:
- avoid calling image_get_crypto_algo several times
v5:
- simplify the function is_ecdsa
- re-use already computed crypto in function image_pre_load_sig_setup
boot/image-pre-load.c | 53 +++++++++++++++++++++++++++++++++----------
1 file changed, 41 insertions(+), 12 deletions(-)
diff --git a/boot/image-pre-load.c b/boot/image-pre-load.c
index 2f851ebb28c..af72ea6d547 100644
--- a/boot/image-pre-load.c
+++ b/boot/image-pre-load.c
@@ -70,6 +70,12 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)
return 0;
}
#else
+
+static int is_ecdsa(struct crypto_algo *crypto)
+{
+ return crypto && !strncmp(crypto->name, "ecdsa", 5);
+}
+
/*
* This function gathers information about the signature check
* that could be done before launching the image.
@@ -86,6 +92,7 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)
int key_len;
int node, ret = 0;
char *sig_info_path = NULL;
+ struct crypto_algo *crypto;
if (!info) {
log_err("ERROR: info is NULL for image pre-load sig check\n");
@@ -114,11 +121,24 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)
goto out;
}
- padding_name = fdt_getprop(gd_fdt_blob(), node,
- IMAGE_PRE_LOAD_PROP_PADDING_NAME, NULL);
- if (!padding_name) {
- log_info("INFO: no padding_name provided, so using pkcs-1.5\n");
- padding_name = "pkcs-1.5";
+ crypto = image_get_crypto_algo(algo_name);
+ if (!crypto) {
+ printf("ERROR: can't find a valid crypto algo from %s\n",
+ (char *)algo_name);
+ ret = -EINVAL;
+ goto out;
+ }
+
+ if (is_ecdsa(crypto)) {
+ padding_name = NULL;
+ } else {
+ padding_name = fdt_getprop(gd_fdt_blob(), node,
+ IMAGE_PRE_LOAD_PROP_PADDING_NAME,
+ NULL);
+ if (!padding_name) {
+ log_info("INFO: no padding_name provided, so using pkcs-1.5\n");
+ padding_name = "pkcs-1.5";
+ }
}
sig_size = fdt_getprop(gd_fdt_blob(), node,
@@ -129,12 +149,17 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)
goto out;
}
- key = fdt_getprop(gd_fdt_blob(), node,
- IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len);
- if (!key) {
- log_err("ERROR: no key for image pre-load sig check\n");
- ret = -EINVAL;
- goto out;
+ if (is_ecdsa(crypto)) {
+ key = NULL;
+ key_len = 0;
+ } else {
+ key = fdt_getprop(gd_fdt_blob(), node,
+ IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len);
+ if (!key) {
+ log_err("ERROR: no key for image pre-load sig check\n");
+ ret = -EINVAL;
+ goto out;
+ }
}
info->algo_name = (char *)algo_name;
@@ -152,9 +177,13 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)
info->sig_info.name = info->algo_name;
info->sig_info.padding = image_get_padding_algo(info->padding_name);
info->sig_info.checksum = image_get_checksum_algo(info->sig_info.name);
- info->sig_info.crypto = image_get_crypto_algo(info->sig_info.name);
+ info->sig_info.crypto = crypto;
info->sig_info.key = info->key;
info->sig_info.keylen = info->key_len;
+ if (is_ecdsa(crypto)) {
+ info->sig_info.required_keynode = node;
+ info->sig_info.fdt_blob = gd_fdt_blob();
+ }
out:
return ret;
--
2.43.0
More information about the U-Boot
mailing list