[PATCH] lib: ecdsa: use .key extension for keydir keys

James Hilliard james.hilliard1 at gmail.com
Fri Jul 3 23:40:03 CEST 2026


The keydir/keyname path should follow the FIT signing key convention and
read <key-name-hint>.key. Using .pem here is incorrect and does not match
the filenames used by mkimage and binman key-directory flows.

Signed-off-by: James Hilliard <james.hilliard1 at gmail.com>
---
 lib/ecdsa/ecdsa-libcrypto.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index c4bfb2cec61..ef3e42cb0f8 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -338,7 +338,7 @@ static int prepare_ctx(struct signer *ctx, const struct image_sign_info *info)
 	} else if (info->keyfile) {
 		snprintf(kname,  sizeof(kname), "%s", info->keyfile);
 	} else if (info->keydir && info->keyname) {
-		snprintf(kname, sizeof(kname), "%s/%s.pem", info->keydir,
+		snprintf(kname, sizeof(kname), "%s/%s.key", info->keydir,
 			 info->keyname);
 	} else {
 		fprintf(stderr, "keyfile, keyname, or key-name-hint missing\n");
-- 
2.53.0



More information about the U-Boot mailing list