[PATCH v6 12/15] boot: pre-load: add support of ecdsa
Raymond Mao
raymondmaoca at gmail.com
Mon May 25 17:36:36 CEST 2026
Hi Philippe,
On Mon, May 25, 2026 at 9:52 AM Philippe Reynes
<philippe.reynes at softathome.com> wrote:
>
> Right now, U-Boot can only boot an image with a
> pre-load header that uses RSA. Add support
> for ECDSA.
>
> Reviewed-by: Simon Glass <sjg at chromium.org>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
> v3:
> - initial version
> v4:
> - avoid calling image_get_crypto_algo several times
> v5:
> - simplify the function is_ecdsa
> - re-use already computed crypto in function image_pre_load_sig_setup
> v6:
> - no change
>
> boot/image-pre-load.c | 53 +++++++++++++++++++++++++++++++++----------
> 1 file changed, 41 insertions(+), 12 deletions(-)
>
Looks good to me. Thanks!
Reviewed-by: Raymond Mao <raymondmaoca at gmail.com>
> diff --git a/boot/image-pre-load.c b/boot/image-pre-load.c
> index 2f851ebb28c..af72ea6d547 100644
> --- a/boot/image-pre-load.c
> +++ b/boot/image-pre-load.c
> @@ -70,6 +70,12 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)
> return 0;
> }
> #else
> +
> +static int is_ecdsa(struct crypto_algo *crypto)
> +{
> + return crypto && !strncmp(crypto->name, "ecdsa", 5);
> +}
> +
> /*
> * This function gathers information about the signature check
> * that could be done before launching the image.
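Review bot: `is_ecdsa()` matches only the first five characters of `crypto->name`, so any algorithm whose name merely begins with "ecdsa" is treated as ECDSA, and that answer later decides whether the public-key property is required at all. The prefix match is presumably deliberate, to cover names that carry a size suffix, but it should be stated in a comment above the helper, e.g. `/* Prefix match on purpose: any "ecdsa<size>" algo name counts as ECDSA */`. The argument is only read, so `static bool is_ecdsa(const struct crypto_algo *crypto)` would describe the contract more precisely.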
> @@ -86,6 +92,7 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)
> int key_len;
> int node, ret = 0;
> char *sig_info_path = NULL;
> + struct crypto_algo *crypto;
>
> if (!info) {
> log_err("ERROR: info is NULL for image pre-load sig check\n");
> @@ -114,11 +121,24 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)
> goto out;
> }
>
> - padding_name = fdt_getprop(gd_fdt_blob(), node,
> - IMAGE_PRE_LOAD_PROP_PADDING_NAME, NULL);
> - if (!padding_name) {
> - log_info("INFO: no padding_name provided, so using pkcs-1.5\n");
> - padding_name = "pkcs-1.5";
> + crypto = image_get_crypto_algo(algo_name);
> + if (!crypto) {
> + printf("ERROR: can't find a valid crypto algo from %s\n",
> + (char *)algo_name);
> + ret = -EINVAL;
> + goto out;
> + }
> +
> + if (is_ecdsa(crypto)) {
> + padding_name = NULL;
> + } else {
> + padding_name = fdt_getprop(gd_fdt_blob(), node,
> + IMAGE_PRE_LOAD_PROP_PADDING_NAME,
> + NULL);
> + if (!padding_name) {
> + log_info("INFO: no padding_name provided, so using pkcs-1.5\n");
> + padding_name = "pkcs-1.5";
> + }
> }
>
> sig_size = fdt_getprop(gd_fdt_blob(), node,
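Review bot: The new lookup failure is reported with `printf()`, while the other error paths visible in this function use `log_err()`, so this one message escapes the log-level handling applied to the rest of the pre-load checks. `log_err("ERROR: can't find a valid crypto algo from %s\n", (char *)algo_name);` would keep it consistent. On the ECDSA branch `padding_name` becomes NULL and is presumably what later reaches `image_get_padding_algo()` in the unchanged tail of the function. That helper's handling of NULL is not visible here, so it is worth confirming, and a short comment such as `/* ECDSA has no padding scheme */` would document the branch. The function starts and ends outside this hunk.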
> @@ -129,12 +149,17 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)
> goto out;
> }
>
> - key = fdt_getprop(gd_fdt_blob(), node,
> - IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len);
> - if (!key) {
> - log_err("ERROR: no key for image pre-load sig check\n");
> - ret = -EINVAL;
> - goto out;
> + if (is_ecdsa(crypto)) {
> + key = NULL;
> + key_len = 0;
> + } else {
> + key = fdt_getprop(gd_fdt_blob(), node,
> + IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len);
> + if (!key) {
> + log_err("ERROR: no key for image pre-load sig check\n");
> + ret = -EINVAL;
> + goto out;
> + }
> }
>
> info->algo_name = (char *)algo_name;
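Review bot: On the ECDSA branch, setup succeeds with `key = NULL` and `key_len = 0` without checking that the signature node holds any public-key material, whereas the RSA branch fails early with `-EINVAL` when the key property is missing. Judging by the last hunk, the ECDSA verifier is expected to read the key through `required_keynode`, so a device tree lacking it would only be noticed at verification time. Please confirm that path rejects the image rather than skipping the check. A comment on the branch would make the intent explicit, e.g. `/* ECDSA: the public key is read from the sig node at verify time */`. The function body extends outside this hunk.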
> @@ -152,9 +177,13 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)
> info->sig_info.name = info->algo_name;
> info->sig_info.padding = image_get_padding_algo(info->padding_name);
> info->sig_info.checksum = image_get_checksum_algo(info->sig_info.name);
> - info->sig_info.crypto = image_get_crypto_algo(info->sig_info.name);
> + info->sig_info.crypto = crypto;
> info->sig_info.key = info->key;
> info->sig_info.keylen = info->key_len;
> + if (is_ecdsa(crypto)) {
> + info->sig_info.required_keynode = node;
> + info->sig_info.fdt_blob = gd_fdt_blob();
> + }
>
> out:
> return ret;
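Review bot: `required_keynode` and `fdt_blob` are assigned only when the algorithm is ECDSA, so on the RSA path they keep whatever `info->sig_info` held before. Whether the struct is cleared beforehand is outside this hunk, so either confirm that or document the assumption with `/* RSA path relies on sig_info being zeroed by the caller */`. Separately, `is_ecdsa(crypto)` is now evaluated three times in this function (here and in the padding and key hunks). A single local set right after the lookup, `bool ecdsa = is_ecdsa(crypto);`, would keep the three branches in step if the test ever changes.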
> --
> 2.43.0
>