From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tom Rini Date: Wed, 17 Feb 2021 18:03:05 -0500 Subject: [PATCH v5 6/6] test/py: ecdsa: Add test for mkimage ECDSA signing In-Reply-To: <20210128155248.1536195-7-mr.nuke.me@gmail.com> References: <20210128155248.1536195-1-mr.nuke.me@gmail.com> <20210128155248.1536195-7-mr.nuke.me@gmail.com> Message-ID: <20210217230305.GA10108@bill-the-cat> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Thu, Jan 28, 2021 at 09:52:48AM -0600, Alexandru Gagniuc wrote: > Add a test to make sure that the ECDSA signatures generated by > mkimage can be verified successfully. pyCryptodomex was chosen as the > crypto library because it integrates much better with python code. > Using openssl would have been unnecessarily painful. > > Signed-off-by: Alexandru Gagniuc > Reviewed-by: Simon Glass So, to run this test I've done a "pip install -r test/py/requirements.txt" to make sure I have everything now needed installed. When I run this test (building in /tmp): +/tmp/.bm-work/sandbox/tools/mkimage -F /tmp/.bm-work/sandbox/test.fit -k/tmp/.bm-work/sandbox/ecdsa-test-key.pem Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem' Can not get key file '/tmp/.bm-work/sandbox/ecdsa-test-key.pem/dev.pem' Failed to sign 'signature' signature node in 'kernel' image node: -2 Failed to sign 'signature' signature node in 'fdt-1' image node: -2 FIT description: Chrome OS kernel image with one or more FDT blobs ... +fdtget -tbi /tmp/.bm-work/sandbox/test.fit /images/kernel/signature value Error at 'value': FDT_ERR_NOTFOUND Which I think means that since we have a key-name-hint of "dev" it's taking the -k argument as a keydir and that's where it goes wrong. -- Tom -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 659 bytes Desc: not available URL: