From: Alexandru Gagniuc <mr.nuke.me@gmail.com>
To: u-boot@lists.denx.de
Subject: [PATCH v5 0/5] Enable ECDSA FIT verification for stm32mp
Date: Mon, 17 May 2021 13:38:59 -0500 [thread overview]
Message-ID: <20210517183904.853304-1-mr.nuke.me@gmail.com> (raw)
This series is based on the following:
"[PATCH 00/18] image: Reduce #ifdef abuse in image code"
This rebase is awesome because we don't need to change #defines in
common code or rely on hidden #ifdefs.
Q: Will there be a software-only implementation of ECDSA ?
A: That is the goal, so that we can have more extensive testing with
the sandbox. I don not have the bandwidth to implement it. There
has been an initial poer of software ecdsa here:
https://github.com/timr11/u-boot/tree/ecdsa-vrf-1
Q: Can more code be shared with the RSA verification path?
A: Probably yes. Mostly having to do with parsing the "/signature"
node and "key-name-hint"s in the u-boot FDT. Although there isn't
any copypasted RSA code, or code with substantial similarity.
Changes since v4:
- Use U_BOOT_CRYPTO_ALGO() to add ECDSA to .u_boot_list
- No need to #define IMAGE_ENABLE_VERIFY_ECDSA
- Use ut_asserteq(x, -ENODEV) instead of ut_assert(x == -ENODEV)
Changes since v3:
- Remove unused ecdsa_check_key() function
Changes since v2:
- Spell out "elliptic curve" in Kconfig (Although RSA isn't spelled out)
Changes since v1:
- Add test to make sure the UCLASS is enabled
- Fix check against wrong sig_len in ecdsa_romapi.c
- s/U_BOOT_DEVICE/U_BOOT_DRVINFO/
- Use "if(!ret)" instead of "if (ret == 0)"
- Use uclass_first_device_err() instead of uclass_first_device()
- Make sure #includes are correctly alphabetized
Alexandru Gagniuc (5):
dm: crypto: Define UCLASS API for ECDSA signature verification
lib: ecdsa: Implement UCLASS_ECDSA verification on target
arm: stm32mp1: Implement ECDSA signature verification
Kconfig: FIT_SIGNATURE should not select RSA_VERIFY
test: dm: Add test for ECDSA UCLASS support
arch/arm/mach-stm32mp/Kconfig | 9 ++
arch/arm/mach-stm32mp/Makefile | 1 +
arch/arm/mach-stm32mp/ecdsa_romapi.c | 102 ++++++++++++++++++++
common/Kconfig.boot | 8 +-
configs/sandbox_defconfig | 2 +
include/crypto/ecdsa-uclass.h | 39 ++++++++
include/dm/uclass-id.h | 1 +
lib/Kconfig | 1 +
lib/Makefile | 1 +
lib/ecdsa/Kconfig | 23 +++++
lib/ecdsa/Makefile | 1 +
lib/ecdsa/ecdsa-verify.c | 134 +++++++++++++++++++++++++++
test/dm/Makefile | 1 +
test/dm/ecdsa.c | 39 ++++++++
14 files changed, 358 insertions(+), 4 deletions(-)
create mode 100644 arch/arm/mach-stm32mp/ecdsa_romapi.c
create mode 100644 include/crypto/ecdsa-uclass.h
create mode 100644 lib/ecdsa/Kconfig
create mode 100644 lib/ecdsa/Makefile
create mode 100644 lib/ecdsa/ecdsa-verify.c
create mode 100644 test/dm/ecdsa.c
--
2.31.1
next reply other threads:[~2021-05-17 18:38 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-17 18:38 Alexandru Gagniuc [this message]
2021-05-17 18:39 ` [PATCH v5 1/5] dm: crypto: Define UCLASS API for ECDSA signature verification Alexandru Gagniuc
2021-05-19 16:36 ` Simon Glass
2021-05-17 18:39 ` [PATCH v5 2/5] lib: ecdsa: Implement UCLASS_ECDSA verification on target Alexandru Gagniuc
2021-05-19 16:36 ` Simon Glass
2021-05-17 18:39 ` [PATCH v5 3/5] arm: stm32mp1: Implement ECDSA signature verification Alexandru Gagniuc
2021-05-17 18:39 ` [PATCH v5 4/5] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY Alexandru Gagniuc
2021-05-17 19:10 ` Igor Opaniuk
2021-05-17 18:39 ` [PATCH v5 5/5] test: dm: Add test for ECDSA UCLASS support Alexandru Gagniuc
2021-07-27 8:09 ` Patrick DELAUNAY
2021-07-29 16:47 ` [PATCH 0/5] Enable ECDSA FIT verification for stm32mp Alexandru Gagniuc
2021-07-29 16:47 ` [PATCH 1/5] dm: crypto: Define UCLASS API for ECDSA signature verification Alexandru Gagniuc
2021-07-30 9:47 ` Patrick DELAUNAY
2021-08-16 11:31 ` Patrice CHOTARD
2021-07-29 16:47 ` [PATCH 2/5] lib: ecdsa: Implement UCLASS_ECDSA verification on target Alexandru Gagniuc
2021-07-30 9:49 ` Patrick DELAUNAY
2021-07-29 16:47 ` [PATCH 3/5] arm: stm32mp1: Implement ECDSA signature verification Alexandru Gagniuc
2021-07-30 9:51 ` Patrick DELAUNAY
2021-08-16 11:31 ` Patrice CHOTARD
2021-07-29 16:47 ` [PATCH 4/5] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY Alexandru Gagniuc
2021-07-30 9:52 ` Patrick DELAUNAY
2021-08-16 11:32 ` Patrice CHOTARD
2021-07-29 16:47 ` [PATCH 5/5] test: dm: Add test for ECDSA UCLASS support Alexandru Gagniuc
2021-07-30 9:53 ` Patrick DELAUNAY
2021-08-16 11:32 ` Patrice CHOTARD
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210517183904.853304-1-mr.nuke.me@gmail.com \
--to=mr.nuke.me@gmail.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox