u-boot.git/lib/ecdsa, branch v2025.04 Unnamed repository; edit this file 'description' to name the repository. lib: ecdsa: Add ECDSA384 support 2024-10-21T23:52:52+00:00 Chia-Wei Wang chiawei_wang@aspeedtech.com 2024-10-14T09:56:18+00:00 75068b1a2dbcf475c1043e7aa0f6882554d759bc Add ECDSA384 algorithm support for image signing and verification. Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Add ECDSA384 algorithm support for image signing and verification.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Merge patch series "Tidy up use of 'SPL' and CONFIG_SPL_BUILD" 2024-10-11T18:23:25+00:00 Tom Rini trini@konsulko.com 2024-10-11T18:23:25+00:00 47e544f576699ca4630e20448db6a05178960697 Simon Glass <sjg@chromium.org> says: When the SPL build-phase was first created it was designed to solve a particular problem (the need to init SDRAM so that U-Boot proper could be loaded). It has since expanded to become an important part of U-Boot, with three phases now present: TPL, VPL and SPL Due to this history, the term 'SPL' is used to mean both a particular phase (the one before U-Boot proper) and all the non-proper phases. This has become confusing. For a similar reason CONFIG_SPL_BUILD is set to 'y' for all 'SPL' phases, not just SPL. So code which can only be compiled for actual SPL, for example, must use something like this: #if defined(CONFIG_SPL_BUILD) && !defined(CONFIG_TPL_BUILD) In Makefiles we have similar issues. SPL_ has been used as a variable which expands to either SPL_ or nothing, to chose between options like CONFIG_BLK and CONFIG_SPL_BLK. When TPL appeared, a new SPL_TPL variable was created which expanded to 'SPL_', 'TPL_' or nothing. Later it was updated to support 'VPL_' as well. This series starts a change in terminology and usage to resolve the above issues: - The word 'xPL' is used instead of 'SPL' to mean a non-proper build - A new CONFIG_XPL_BUILD define indicates that the current build is an 'xPL' build - The existing CONFIG_SPL_BUILD is changed to mean SPL; it is not now defined for TPL and VPL phases - The existing SPL_ Makefile variable is renamed to SPL_ - The existing SPL_TPL Makefile variable is renamed to PHASE_ It should be noted that xpl_phase() can generally be used instead of the above CONFIGs without a code-space or run-time penalty. This series does not attempt to convert all of U-Boot to use this new terminology but it makes a start. In particular, renaming spl.h and common/spl seems like a bridge too far at this point. The series is fully bisectable. It has also been checked to ensure there are no code-size changes on any commit. 
Simon Glass <sjg@chromium.org> says:

When the SPL build-phase was first created it was designed to solve a
particular problem (the need to init SDRAM so that U-Boot proper could
be loaded). It has since expanded to become an important part of U-Boot,
with three phases now present: TPL, VPL and SPL

Due to this history, the term 'SPL' is used to mean both a particular
phase (the one before U-Boot proper) and all the non-proper phases.
This has become confusing.

For a similar reason CONFIG_SPL_BUILD is set to 'y' for all 'SPL'
phases, not just SPL. So code which can only be compiled for actual SPL,
for example, must use something like this:

   #if defined(CONFIG_SPL_BUILD) && !defined(CONFIG_TPL_BUILD)

In Makefiles we have similar issues. SPL_ has been used as a variable
which expands to either SPL_ or nothing, to chose between options like
CONFIG_BLK and CONFIG_SPL_BLK. When TPL appeared, a new SPL_TPL variable
was created which expanded to 'SPL_', 'TPL_' or nothing. Later it was
updated to support 'VPL_' as well.

This series starts a change in terminology and usage to resolve the
above issues:

- The word 'xPL' is used instead of 'SPL' to mean a non-proper build
- A new CONFIG_XPL_BUILD define indicates that the current build is an
  'xPL' build
- The existing CONFIG_SPL_BUILD is changed to mean SPL; it is not now
  defined for TPL and VPL phases
- The existing SPL_ Makefile variable is renamed to SPL_
- The existing SPL_TPL Makefile variable is renamed to PHASE_

It should be noted that xpl_phase() can generally be used instead of
the above CONFIGs without a code-space or run-time penalty.

This series does not attempt to convert all of U-Boot to use this new
terminology but it makes a start. In particular, renaming spl.h and
common/spl seems like a bridge too far at this point.

The series is fully bisectable. It has also been checked to ensure there
are no code-size changes on any commit.
global: Rename SPL_ to XPL_ 2024-10-11T17:44:48+00:00 Simon Glass sjg@chromium.org 2024-09-30T01:49:53+00:00 c46760d5967d12b6f7d37402878d1607a98b2b84 Use XPL_ as the symbol to indicate an SPL build. This means that SPL_ is no-longer set. Signed-off-by: Simon Glass <sjg@chromium.org> 
Use XPL_ as the symbol to indicate an SPL build. This means that SPL_ is
no-longer set.

Signed-off-by: Simon Glass <sjg@chromium.org>
mkimage: ecdsa: add nodes to signature/key node 2024-10-08T03:31:20+00:00 Matthias Pritschet matthias.pritschet@itk-engineering.de 2024-08-29T12:44:47+00:00 c623bce70c905739aff8f85fac4c61eacb3b8e99 Add the "required", "algo", and "key-name-hint" nodes to the signature/key node if ecdsa256 is used. This change is mainly copy&paste from rsa_add_verify_data which already adds these nodes. Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de> 
Add the "required", "algo", and "key-name-hint" nodes to the
signature/key node if ecdsa256 is used.

This change is mainly copy&paste from rsa_add_verify_data which already
adds these nodes.

Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de>
mkimage: ecdsa: add signature/key nodes to dtb if missing 2024-10-08T03:30:50+00:00 Matthias Pritschet matthias.pritschet@itk-engineering.de 2024-08-27T16:00:54+00:00 b67436d31969e6d6b76b39849da276506058b900 If the signature/key node(s) are not yet present in the U-Boot device tree, ecdsa_add_verify_data simply fails if it can't find the nodes. This behaviour differs from rsa_add_verify_data, wich does add the missing nodes and proceeds in that case. This change is mainly copy&paste from rsa_add_verify_data to add the same behaviour to ecdsa_add_verify_data. Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de> 
If the signature/key node(s) are not yet present in the U-Boot device
tree, ecdsa_add_verify_data simply fails if it can't find the nodes.
This behaviour differs from rsa_add_verify_data, wich does add the missing
nodes and proceeds in that case.

This change is mainly copy&paste from rsa_add_verify_data to add the
same behaviour to ecdsa_add_verify_data.

Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de>
Add mkimage secp521r1 ECDSA curve support 2024-10-02T19:35:56+00:00 Joakim Tjernlund joakim.tjernlund@infinera.com 2024-09-20T16:14:35+00:00 7bc5f66f55fd1a3106e8e6beb91949e0c34fc7b1 Adds support for the secp521r1 ECDSA algorithm to mkimage. Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Adds support for the secp521r1 ECDSA algorithm to mkimage.

Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Check curve_name for null to avoid crash 2024-03-07T12:41:41+00:00 Bob Wolff bob.wolff68@gmail.com 2024-02-27T23:57:03+00:00 9522956605205d23fe99142547ca3227574d418a If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent into the ecdsa verify. Without the ecdsa,curve property, this function will crash due to lack of checking the null pointer return. Signed-off-by: Bob Wolff <bob.wolff68@gmail.com> 
If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent
into the ecdsa verify. Without the ecdsa,curve property, this function will
crash due to lack of checking the null pointer return.

Signed-off-by: Bob Wolff <bob.wolff68@gmail.com>
mkimage: ecdsa: password for signing from environment 2023-06-20T20:08:13+00:00 Stefano Babic sbabic@denx.de 2023-05-25T08:18:05+00:00 50195a23468e3a8a32cba8534d76627b5d189551 Use a variable (MKIMAGE_SIGN_PASSWORD) like already done for RSA to allow the signing process to run in batch. Signed-off-by: Stefano Babic <sbabic@denx.de> 
Use a variable (MKIMAGE_SIGN_PASSWORD) like already done for RSA to
allow the signing process to run in batch.

Signed-off-by: Stefano Babic <sbabic@denx.de>
spl: Ensure all SPL symbols in Kconfig have some SPL dependency 2022-07-07T13:29:08+00:00 Tom Rini trini@konsulko.com 2022-06-11T03:03:09+00:00 b340199f828e7d57945785b698ff97469972d1ca Tighten up symbol dependencies in a number of places. Ensure that a SPL specific option has at least a direct dependency on SPL. In places where it's clear that we depend on something more specific, use that dependency instead. This means in a very small number of places we can drop redundant dependencies. Reported-by: Pali Rohár <pali@kernel.org> Signed-off-by: Tom Rini <trini@konsulko.com> 
Tighten up symbol dependencies in a number of places.  Ensure that a SPL
specific option has at least a direct dependency on SPL.  In places
where it's clear that we depend on something more specific, use that
dependency instead.  This means in a very small number of places we can
drop redundant dependencies.

Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
image: Return destination node for add_verify_data() method 2022-01-26T15:50:44+00:00 Simon Glass sjg@chromium.org 2021-11-12T19:28:11+00:00 c033dc8c0c4b744e028e124f88be4829309c75d1 It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org> 
It is useful to know where the verification data was written. Update the
API to return this.

Signed-off-by: Simon Glass <sjg@chromium.org>