Hi Raymond,
Le 20/02/2026 à 17:40, Raymond Mao a écrit :
This Mail comes from Outside of SoftAtHome: Do not answer, click links or open
attachments unless you recognize the sender and know the content is safe.
Hi Philippe,
On Thu, Feb 19, 2026 at 8:26 AM Philippe Reynes
<[email protected]> wrote:
Add an software ecdsa driver so it is
now possible to use ecdsa signature on
board without ecdsa hardware support.
Signed-off-by: Philippe Reynes <[email protected]>
---
v2:
- no change
drivers/crypto/Kconfig | 2 ++
drivers/crypto/Makefile | 1 +
drivers/crypto/ecdsa/Kconfig | 6 ++++++
drivers/crypto/ecdsa/Makefile | 6 ++++++
drivers/crypto/ecdsa/ecdsa-sw.c | 33 +++++++++++++++++++++++++++++++++
5 files changed, 48 insertions(+)
create mode 100644 drivers/crypto/ecdsa/Kconfig
create mode 100644 drivers/crypto/ecdsa/Makefile
create mode 100644 drivers/crypto/ecdsa/ecdsa-sw.c
diff --git a/drivers/crypto/Kconfig b/drivers/crypto/Kconfig
index 0d58e3910fe..cf49e5c0f7e 100644
--- a/drivers/crypto/Kconfig
+++ b/drivers/crypto/Kconfig
@@ -12,4 +12,6 @@ source "drivers/crypto/nuvoton/Kconfig"
source "drivers/crypto/tegra/Kconfig"
+source "drivers/crypto/ecdsa/Kconfig"
+
endmenu
diff --git a/drivers/crypto/Makefile b/drivers/crypto/Makefile
index e4a4482b7f3..8170e4cae9c 100644
--- a/drivers/crypto/Makefile
+++ b/drivers/crypto/Makefile
@@ -4,6 +4,7 @@
# http://www.samsung.com/
obj-$(CONFIG_EXYNOS_ACE_SHA) += ace_sha.o
+obj-$(CONFIG_ECDSA) += ecdsa/
obj-y += aes/
obj-y += rsa_mod_exp/
obj-y += fsl/
diff --git a/drivers/crypto/ecdsa/Kconfig b/drivers/crypto/ecdsa/Kconfig
new file mode 100644
index 00000000000..308824d8421
--- /dev/null
+++ b/drivers/crypto/ecdsa/Kconfig
@@ -0,0 +1,6 @@
+config ECDSA_SW
+ bool "Enable driver for ECDSA in software"
+ depends on ECDSA_MBEDTLS
+ help
+ Enable driver for ECDSA operations in software. Currently
+ it supports multiple ECDSA algorithm.
Same comments as I placed in your patch [0/9], ECDSA_SW is not
required and can be replaced by ECDSA_MBEDTLS.
I have discovered that this driver should also depend on ECDSA_VERIFY.
Otherwise we may define a driver (defined in this file) without a device
(defined in lib/ecdsa/ecdsa-verify.c),
and that leads to a crash à boot.
So I have kept this config in v3.
Regards,
Raymond
Regards,
Philippe
diff --git a/drivers/crypto/ecdsa/Makefile b/drivers/crypto/ecdsa/Makefile
new file mode 100644
index 00000000000..8f9e5a767f8
--- /dev/null
+++ b/drivers/crypto/ecdsa/Makefile
@@ -0,0 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0+
+#
+# Copyright (C) 2026 Philippe Reynes <[email protected]>
+#
+
+obj-$(CONFIG_ECDSA_SW) += ecdsa-sw.o
diff --git a/drivers/crypto/ecdsa/ecdsa-sw.c b/drivers/crypto/ecdsa/ecdsa-sw.c
new file mode 100644
index 00000000000..0d526371ecb
--- /dev/null
+++ b/drivers/crypto/ecdsa/ecdsa-sw.c
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Copyright (C) 2026 Philippe Reynes <[email protected]>
+ */
+#include <dm/device.h>
+#include <linux/types.h>
+#include <u-boot/ecdsa.h>
+#include <crypto/ecdsa-uclass.h>
+#include <dm/platdata.h>
+#include <crypto/internal/sw_ecdsa.h>
+
+static int ops_sw_ecdsa_verify(__always_unused struct udevice *dev,
+ const struct ecdsa_public_key *pubkey,
+ const void *hash, size_t hash_len,
+ const void *signature, size_t sig_len)
+{
+ return sw_ecdsa_verify(pubkey, hash, hash_len, signature, sig_len);
+}
+
+static const struct ecdsa_ops sw_ecdsa_ops = {
+ .verify = ops_sw_ecdsa_verify,
+};
+
+U_BOOT_DRIVER(sw_ecdsa) = {
+ .name = "sw_ecdsa",
+ .id = UCLASS_ECDSA,
+ .ops = &sw_ecdsa_ops,
+ .flags = DM_FLAG_PRE_RELOC,
+};
+
+U_BOOT_DRVINFO(sw_ecdsa) = {
+ .name = "sw_ecdsa",
+};
--
2.43.0
