Hi Jamin, hi Paul After looking into the code of mkimage, I agree with the patch. It is correct that rsa-sign.c needs key + crt files but ecdsa-libcrypto.c uses a pem file.
My conclusion is: The patch can be merged. Thank you. Regards, Adrian On Tue, 2026-05-19 at 01:23 +0000, Jamin Lin via lists.openembedded.org wrote: > > From: Jamin Lin > Sent: Tuesday, May 19, 2026 9:17 AM > To: 'Adrian Freihofer' <[email protected]> > Cc: OE-core <[email protected]>; Troy Lee > <[email protected]>; Vince Chang <[email protected]>; > [email protected] > Subject: RE: [OE-core] [PATCH v1] kernel-fit-image: Check signing key > files based on algorithm > > Hi Adrian, Paul > > Thanks for the review and suggestions. > > The handling of RSA and ECDSA keys in mkimage is different. > > For ECDSA, mkimage only uses the .pem file format as the private key > for signing the image. > It does not use separate .key and .crt files. However, OE/fitimage.py > currently requires users to provide both .key and .crt files. > > As a result, when users want to use the ECDSA algorithm, they are > required to prepare .pem, .key, and .crt files, even though only the > .pem file is actually used by mkimage. > The .key and .crt files are only needed to satisfy the OE/fitimage.py > requirements. > > Please also refer to the ECDSA implementation in U-Boot: > https://github.com/u-boot/u-boot/blob/master/lib/ecdsa/ecdsa-libcrypto.c > > If you believe that users should still be required to provide .key > and .crt files in OE/fitimage, then this patch can be dropped. > > Thanks, > Jamin > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#237289): https://lists.openembedded.org/g/openembedded-core/message/237289 Mute This Topic: https://lists.openembedded.org/mt/119327152/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
