From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [PATCH v5 6/6] test/py: ecdsa: Add test for mkimage ECDSA signing
Date: Wed, 17 Feb 2021 18:03:05 -0500 [thread overview]
Message-ID: <20210217230305.GA10108@bill-the-cat> (raw)
In-Reply-To: <20210128155248.1536195-7-mr.nuke.me@gmail.com>
On Thu, Jan 28, 2021 at 09:52:48AM -0600, Alexandru Gagniuc wrote:
> Add a test to make sure that the ECDSA signatures generated by
> mkimage can be verified successfully. pyCryptodomex was chosen as the
> crypto library because it integrates much better with python code.
> Using openssl would have been unnecessarily painful.
>
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
> Reviewed-by: Simon Glass <sjg@chromium.org>
So, to run this test I've done a "pip install -r
test/py/requirements.txt" to make sure I have everything now needed
installed. When I run this test (building in /tmp):
+/tmp/.bm-work/sandbox/tools/mkimage -F /tmp/.bm-work/sandbox/test.fit -k/tmp/.bm-work/sandbox/ecdsa-test-key.pem
Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem'
Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem'
Failed to sign 'signature' signature node in 'kernel' image node: -2
Failed to sign 'signature' signature node in 'fdt-1' image node: -2
FIT description: Chrome OS kernel image with one or more FDT blobs
...
+fdtget -tbi /tmp/.bm-work/sandbox/test.fit /images/kernel/signature value
Error at 'value': FDT_ERR_NOTFOUND
Which I think means that since we have a key-name-hint of "dev" it's
taking the -k argument as a keydir and that's where it goes wrong.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210217/3cf505fd/attachment.sig>
next prev parent reply other threads:[~2021-02-17 23:03 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-28 15:52 [PATCH v5 0/6] Add support for ECDSA image signing (with test) Alexandru Gagniuc
2021-01-28 15:52 ` [PATCH v5 1/6] lib: Rename rsa-checksum.c to hash-checksum.c Alexandru Gagniuc
2021-01-28 15:52 ` [PATCH v5 2/6] lib/rsa: Make fdt_add_bignum() available outside of RSA code Alexandru Gagniuc
2021-01-28 15:52 ` [PATCH v5 3/6] lib: Add support for ECDSA image signing Alexandru Gagniuc
2021-01-28 15:52 ` [PATCH v5 4/6] doc: signature.txt: Document devicetree format for ECDSA keys Alexandru Gagniuc
2021-01-28 15:52 ` [PATCH v5 5/6] test/py: Add pycryptodomex to list of required pakages Alexandru Gagniuc
2021-01-28 15:52 ` [PATCH v5 6/6] test/py: ecdsa: Add test for mkimage ECDSA signing Alexandru Gagniuc
2021-02-01 20:43 ` Simon Glass
2021-02-10 20:16 ` Alex G.
2021-02-17 23:03 ` Tom Rini [this message]
2021-02-18 0:02 ` Alex G.
2021-02-18 0:29 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210217230305.GA10108@bill-the-cat \
--to=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox