This series adds support for ecdsa in software
using mbedtls. So boards without ecdsa hardware may
also use signatures with ecdsa.

To add support for ecdsa with mbedtls, I have:
- enabled ecdsa in mbedtls
- added a function sw_ecdsa_verify that uses mbedtls
- added a driver sw_ecdsa that calls sw_ecdsa_verify

I have tested this code with sandbox, and I have
followed these steps:

0) build u-boot using sandbox_defconfig with these options added:
CONFIG_ECDSA_SW=y
CONFIG_ECDSA_MBEDTLS=y
CONFIG_ECDSA=y
CONFIG_ECDSA_VERIFY=y

1) add a signature node to an its file
        signature-256 {
                algo = "sha256,ecdsa256";
                key-name-hint = "private-key-256";
        };

2) generate an ecdsa key
openssl ecparam -name prime256v1 -genkey -noout -out private-key-256.pem

3) create the itb file
./tools/mkimage -f <file.its> -k . -K arch/sandbox/dts/test.dtb <file.itb>

4) launch sandbox u-boot

./u-boot -d arch/sandbox/dts/test.dtb

5) on sandbox u-boot prompt, load the itb and launch bootm on it

=> host load hostfs - 1000000 uboot-ecdsa.itb
4628674 bytes read in 1 ms (4.3 GiB/s)
=> bootm 1000000
...
...
   Verifying Hash Integrity ... sha256,ecdsa256:private-key-256+ OK


I have successfully tested ecdsa256 and ecdsa384,
but there is an issue with secp521r1.


Philippe Reynes (4):
  mbedtls: enable support of ecc
  ecdsa: initial support of ecdsa using mbedtls
  test: lib: sw_ecdsa: add initial test
  drivers: crypto: add software ecdsa support

 drivers/crypto/Kconfig             |   2 +
 drivers/crypto/Makefile            |   1 +
 drivers/crypto/ecdsa/Kconfig       |   6 +
 drivers/crypto/ecdsa/Makefile      |   6 +
 drivers/crypto/ecdsa/ecdsa-sw.c    |  33 +++
 include/crypto/internal/sw_ecdsa.h |  14 +
 lib/mbedtls/Kconfig                |   8 +
 lib/mbedtls/Makefile               |  10 +
 lib/mbedtls/mbedtls_def_config.h   |  18 ++
 lib/mbedtls/sw_ecdsa.c             |  94 ++++++
 test/lib/Makefile                  |   1 +
 test/lib/sw_ecdsa.c                | 445 +++++++++++++++++++++++++++++
 12 files changed, 638 insertions(+)
 create mode 100644 drivers/crypto/ecdsa/Kconfig
 create mode 100644 drivers/crypto/ecdsa/Makefile
 create mode 100644 drivers/crypto/ecdsa/ecdsa-sw.c
 create mode 100644 include/crypto/internal/sw_ecdsa.h
 create mode 100644 lib/mbedtls/sw_ecdsa.c
 create mode 100644 test/lib/sw_ecdsa.c

-- 
2.43.0
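
An added example, not part of the original series: a minimal complete .its file showing where the signature node from step 1 sits inside an image node, so that mkimage (step 3) signs that image with ./private-key-256.pem. The payload file name, the image properties and the configuration name are assumptions chosen for illustration.

```dts
/dts-v1/;

/ {
	description = "FIT with an ECDSA-signed image (constructed example)";
	#address-cells = <1>;

	images {
		kernel {
			description = "test payload";
			/* assumption: any binary placed next to this .its file */
			data = /incbin/("./payload.bin");
			type = "kernel";
			arch = "sandbox";
			os = "linux";
			compression = "none";
			/* assumption: placeholder load/entry addresses */
			load = <0x4>;
			entry = <0x8>;

			/* signature node from step 1: mkimage hashes the image
			 * with sha256 and signs it with the key named by
			 * key-name-hint, looked up as <-k dir>/<hint>.pem */
			signature-256 {
				algo = "sha256,ecdsa256";
				key-name-hint = "private-key-256";
			};
		};
	};

	configurations {
		default = "conf-1";
		conf-1 {
			description = "boot the signed payload";
			kernel = "kernel";
		};
	};
};
```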
