Right now, u-boot can only boot image with a pre-load header with rsa. We add the support of ecdsa.
Signed-off-by: Philippe Reynes <[email protected]> --- v3: - initial version boot/image-pre-load.c | 48 +++++++++++++++++++++++++++++++++---------- 1 file changed, 37 insertions(+), 11 deletions(-) diff --git a/boot/image-pre-load.c b/boot/image-pre-load.c index 2f851ebb28c..73d740c4cf2 100644 --- a/boot/image-pre-load.c +++ b/boot/image-pre-load.c @@ -70,6 +70,18 @@ static int image_pre_load_sig_setup(struct image_sig_info *info) return 0; } #else + +static int is_ecdsa(const void *algo_name) +{ + struct crypto_algo *crypto = image_get_crypto_algo(algo_name); + int ret = 0; + + if (crypto && !strncmp(crypto->name, "ecdsa", strlen("ecdsa"))) + return 1; + + return ret; +} + /* * This function gathers information about the signature check * that could be done before launching the image. @@ -114,11 +126,16 @@ static int image_pre_load_sig_setup(struct image_sig_info *info) goto out; } - padding_name = fdt_getprop(gd_fdt_blob(), node, - IMAGE_PRE_LOAD_PROP_PADDING_NAME, NULL); - if (!padding_name) { - log_info("INFO: no padding_name provided, so using pkcs-1.5\n"); - padding_name = "pkcs-1.5"; + if (is_ecdsa(algo_name)) { + padding_name = NULL; + } else { + padding_name = fdt_getprop(gd_fdt_blob(), node, + IMAGE_PRE_LOAD_PROP_PADDING_NAME, + NULL); + if (!padding_name) { + log_info("INFO: no padding_name provided, so using pkcs-1.5\n"); + padding_name = "pkcs-1.5"; + } } sig_size = fdt_getprop(gd_fdt_blob(), node, @@ -129,12 +146,17 @@ static int image_pre_load_sig_setup(struct image_sig_info *info) goto out; } - key = fdt_getprop(gd_fdt_blob(), node, - IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len); - if (!key) { - log_err("ERROR: no key for image pre-load sig check\n"); - ret = -EINVAL; - goto out; + if (is_ecdsa(algo_name)) { + key = NULL; + key_len = 0; + } else { + key = fdt_getprop(gd_fdt_blob(), node, + IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len); + if (!key) { + log_err("ERROR: no key for image pre-load sig check\n"); + ret = -EINVAL; + goto out; + } } info->algo_name = (char *)algo_name; @@ -155,6 +177,10 @@ static int image_pre_load_sig_setup(struct image_sig_info *info) info->sig_info.crypto = image_get_crypto_algo(info->sig_info.name); info->sig_info.key = info->key; info->sig_info.keylen = info->key_len; + if (is_ecdsa(algo_name)) { + info->sig_info.required_keynode = node; + info->sig_info.fdt_blob = gd_fdt_blob(); + } out: return ret; -- 2.43.0
