[RFC PATCH v2 4/9] drivers: crypto: add software ecdsa support
Raymond Mao
raymondmaoca at gmail.com
Tue Mar 31 17:20:14 CEST 2026
Hi Philippe,
On Tue, Mar 31, 2026 at 9:05 AM Philippe Reynes
<philippe.reynes at softathome.com> wrote:
>
> Hi Raymond,
>
>
> Le 20/02/2026 à 17:40, Raymond Mao a écrit :
> > This Mail comes from Outside of SoftAtHome: Do not answer, click links or open attachments unless you recognize the sender and know the content is safe.
> >
> > Hi Philippe,
> >
> > On Thu, Feb 19, 2026 at 8:26 AM Philippe Reynes
> > <philippe.reynes at softathome.com> wrote:
> >> Add an software ecdsa driver so it is
> >> now possible to use ecdsa signature on
> >> board without ecdsa hardware support.
> >>
> >> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> >> ---
> >> v2:
> >> - no change
> >>
> >> drivers/crypto/Kconfig | 2 ++
> >> drivers/crypto/Makefile | 1 +
> >> drivers/crypto/ecdsa/Kconfig | 6 ++++++
> >> drivers/crypto/ecdsa/Makefile | 6 ++++++
> >> drivers/crypto/ecdsa/ecdsa-sw.c | 33 +++++++++++++++++++++++++++++++++
> >> 5 files changed, 48 insertions(+)
> >> create mode 100644 drivers/crypto/ecdsa/Kconfig
> >> create mode 100644 drivers/crypto/ecdsa/Makefile
> >> create mode 100644 drivers/crypto/ecdsa/ecdsa-sw.c
> >>
> >> diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
> >> index 0d58e3910fe..cf49e5c0f7e 100644
> >> --- a/drivers/crypto/Kconfig
> >> +++ b/drivers/crypto/Kconfig
> >> @@ -12,4 +12,6 @@ source "drivers/crypto/nuvoton/Kconfig"
> >>
> >> source "drivers/crypto/tegra/Kconfig"
> >>
> >> +source "drivers/crypto/ecdsa/Kconfig"
> >> +
> >> endmenu
> >> diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile
> >> index e4a4482b7f3..8170e4cae9c 100644
> >> --- a/drivers/crypto/Makefile
> >> +++ b/drivers/crypto/Makefile
> >> @@ -4,6 +4,7 @@
> >> # http://www.samsung.com/
> >>
> >> obj-$(CONFIG_EXYNOS_ACE_SHA) += ace_sha.o
> >> +obj-$(CONFIG_ECDSA) += ecdsa/
> >> obj-y += aes/
> >> obj-y += rsa_mod_exp/
> >> obj-y += fsl/
> >> diff --git a/drivers/crypto/ecdsa/Kconfig b/drivers/crypto/ecdsa/Kconfig
> >> new file mode 100644
> >> index 00000000000..308824d8421
> >> --- /dev/null
> >> +++ b/drivers/crypto/ecdsa/Kconfig
> >> @@ -0,0 +1,6 @@
> >> +config ECDSA_SW
> >> + bool "Enable driver for ECDSA in software"
> >> + depends on ECDSA_MBEDTLS
> >> + help
> >> + Enable driver for ECDSA operations in software. Currently
> >> + it supports multiple ECDSA algorithm.
> >
> > Same comments as I placed in your patch [0/9], ECDSA_SW is not
> > required and can be replaced by ECDSA_MBEDTLS.
> I have discovered that this driver should also depend on ECDSA_VERIFY.
> Otherwise we may define a driver (defined in this file) without a device
> (defined in lib/ecdsa/ecdsa-verify.c),
> and that leads to a crash à boot.
> So I have kept this config in v3.
>
Can the implementation of RSA be a reference?
It has RSA, RSA_VERIFY without coupling with impl '_SW' or '_MBEDTLS'.
Raymond
> >
> > Regards,
> > Raymond
> Regards,
> Philippe
>
> >
> >> diff --git a/drivers/crypto/ecdsa/Makefile b/drivers/crypto/ecdsa/Makefile
> >> new file mode 100644
> >> index 00000000000..8f9e5a767f8
> >> --- /dev/null
> >> +++ b/drivers/crypto/ecdsa/Makefile
> >> @@ -0,0 +1,6 @@
> >> +# SPDX-License-Identifier: GPL-2.0+
> >> +#
> >> +# Copyright (C) 2026 Philippe Reynes <philippe.reynes at softathome.com>
> >> +#
> >> +
> >> +obj-$(CONFIG_ECDSA_SW) += ecdsa-sw.o
> >> diff --git a/drivers/crypto/ecdsa/ecdsa-sw.c b/drivers/crypto/ecdsa/ecdsa-sw.c
> >> new file mode 100644
> >> index 00000000000..0d526371ecb
> >> --- /dev/null
> >> +++ b/drivers/crypto/ecdsa/ecdsa-sw.c
> >> @@ -0,0 +1,33 @@
> >> +// SPDX-License-Identifier: GPL-2.0+
> >> +/*
> >> + * Copyright (C) 2026 Philippe Reynes <philippe.reynes at softathome.com>
> >> + */
> >> +#include <dm/device.h>
> >> +#include <linux/types.h>
> >> +#include <u-boot/ecdsa.h>
> >> +#include <crypto/ecdsa-uclass.h>
> >> +#include <dm/platdata.h>
> >> +#include <crypto/internal/sw_ecdsa.h>
> >> +
> >> +static int ops_sw_ecdsa_verify(__always_unused struct udevice *dev,
> >> + const struct ecdsa_public_key *pubkey,
> >> + const void *hash, size_t hash_len,
> >> + const void *signature, size_t sig_len)
> >> +{
> >> + return sw_ecdsa_verify(pubkey, hash, hash_len, signature, sig_len);
> >> +}
> >> +
> >> +static const struct ecdsa_ops sw_ecdsa_ops = {
> >> + .verify = ops_sw_ecdsa_verify,
> >> +};
> >> +
> >> +U_BOOT_DRIVER(sw_ecdsa) = {
> >> + .name = "sw_ecdsa",
> >> + .id = UCLASS_ECDSA,
> >> + .ops = &sw_ecdsa_ops,
> >> + .flags = DM_FLAG_PRE_RELOC,
> >> +};
> >> +
> >> +U_BOOT_DRVINFO(sw_ecdsa) = {
> >> + .name = "sw_ecdsa",
> >> +};
> >> --
> >> 2.43.0
> >>
More information about the U-Boot
mailing list