[PATCH] lib: ecdsa: use .key extension for keydir keys
James Hilliard
james.hilliard1 at gmail.com
Fri Jul 3 23:40:03 CEST 2026
The keydir/keyname path should follow the FIT signing key convention and
read <key-name-hint>.key. Using .pem here is incorrect and does not match
the filenames used by mkimage and binman key-directory flows.
Signed-off-by: James Hilliard <james.hilliard1 at gmail.com>
---
lib/ecdsa/ecdsa-libcrypto.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index c4bfb2cec61..ef3e42cb0f8 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -338,7 +338,7 @@ static int prepare_ctx(struct signer *ctx, const struct image_sign_info *info)
} else if (info->keyfile) {
snprintf(kname, sizeof(kname), "%s", info->keyfile);
} else if (info->keydir && info->keyname) {
- snprintf(kname, sizeof(kname), "%s/%s.pem", info->keydir,
+ snprintf(kname, sizeof(kname), "%s/%s.key", info->keydir,
info->keyname);
} else {
fprintf(stderr, "keyfile, keyname, or key-name-hint missing\n");
--
2.53.0
More information about the U-Boot
mailing list