Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-04-23 22:14:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
96385 commits 9 branches 499 tags 334 MiB
Commit graph

8 commits

Author SHA1 Message Date
Matthias Pritschet
c623bce70c mkimage: ecdsa: add nodes to signature/key node 
Add the "required", "algo", and "key-name-hint" nodes to the
signature/key node if ecdsa256 is used.

This change is mainly copy&paste from rsa_add_verify_data which already
adds these nodes.

Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de>
 2024-10-07 21:31:20 -06:00
Matthias Pritschet
b67436d319 mkimage: ecdsa: add signature/key nodes to dtb if missing 
If the signature/key node(s) are not yet present in the U-Boot device
tree, ecdsa_add_verify_data simply fails if it can't find the nodes.
This behaviour differs from rsa_add_verify_data, wich does add the missing
nodes and proceeds in that case.

This change is mainly copy&paste from rsa_add_verify_data to add the
same behaviour to ecdsa_add_verify_data.

Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de>
 2024-10-07 21:30:50 -06:00
Joakim Tjernlund
7bc5f66f55 Add mkimage secp521r1 ECDSA curve support 
Adds support for the secp521r1 ECDSA algorithm to mkimage.

Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
 2024-10-02 13:35:56 -06:00
Stefano Babic
50195a2346 mkimage: ecdsa: password for signing from environment 
Use a variable (MKIMAGE_SIGN_PASSWORD) like already done for RSA to
allow the signing process to run in batch.

Signed-off-by: Stefano Babic <sbabic@denx.de>
 2023-06-20 16:08:13 -04:00
Simon Glass
c033dc8c0c image: Return destination node for add_verify_data() method 
It is useful to know where the verification data was written. Update the
API to return this.

Signed-off-by: Simon Glass <sjg@chromium.org>
 2022-01-26 08:50:44 -07:00
Heinrich Schuchardt
3a8b919932 tools: avoid OpenSSL deprecation warnings 
Our Gitlab CI buildsystem is set up to treat warnings as errors.
With OpenSSL 3.0 a lot of deprecation warnings occur.

With the patch compatibility with OpenSSL 1.1.1 is declared.
In the long run we should upgrade our code to use the current API.

A -Wdiscarded-qualifiers warning is muted by casting.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
 2021-12-26 06:57:20 +01:00
Alexandru Gagniuc
eb22759e2b lib/ecdsa: Use the 'keydir' argument from mkimage if appropriate 
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the ECDSA signing path to use the appropriate one.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
 2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
ed6c9e0b66 lib: Add support for ECDSA image signing 
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
 2021-04-14 15:06:08 -04:00