Hi Philippe, On Mon, May 25, 2026 at 9:52 AM Philippe Reynes <[email protected]> wrote: > > Right now, u-boot can only boot image with a > pre-load header with rsa. We add the support > of ecdsa. > > Reviewed-by: Simon Glass <[email protected]> > Signed-off-by: Philippe Reynes <[email protected]> > --- > v3: > - initial version > v4: > - avoid calling image_get_crypto_algo several times > v5: > - simplify the function is_ecdsa > - re-use already computed crypto in function image_pre_load_sig_setup > v6: > - no change > > boot/image-pre-load.c | 53 +++++++++++++++++++++++++++++++++---------- > 1 file changed, 41 insertions(+), 12 deletions(-) >
Looks good to me. Thanks! Reviewed-by: Raymond Mao <[email protected]> > diff --git a/boot/image-pre-load.c b/boot/image-pre-load.c > index 2f851ebb28c..af72ea6d547 100644 > --- a/boot/image-pre-load.c > +++ b/boot/image-pre-load.c > @@ -70,6 +70,12 @@ static int image_pre_load_sig_setup(struct image_sig_info > *info) > return 0; > } > #else > + > +static int is_ecdsa(struct crypto_algo *crypto) > +{ > + return crypto && !strncmp(crypto->name, "ecdsa", 5); > +} > + > /* > * This function gathers information about the signature check > * that could be done before launching the image. > @@ -86,6 +92,7 @@ static int image_pre_load_sig_setup(struct image_sig_info > *info) > int key_len; > int node, ret = 0; > char *sig_info_path = NULL; > + struct crypto_algo *crypto; > > if (!info) { > log_err("ERROR: info is NULL for image pre-load sig check\n"); > @@ -114,11 +121,24 @@ static int image_pre_load_sig_setup(struct > image_sig_info *info) > goto out; > } > > - padding_name = fdt_getprop(gd_fdt_blob(), node, > - IMAGE_PRE_LOAD_PROP_PADDING_NAME, NULL); > - if (!padding_name) { > - log_info("INFO: no padding_name provided, so using > pkcs-1.5\n"); > - padding_name = "pkcs-1.5"; > + crypto = image_get_crypto_algo(algo_name); > + if (!crypto) { > + printf("ERROR: can't find a valid crypto algo from %s\n", > + (char *)algo_name); > + ret = -EINVAL; > + goto out; > + } > + > + if (is_ecdsa(crypto)) { > + padding_name = NULL; > + } else { > + padding_name = fdt_getprop(gd_fdt_blob(), node, > + IMAGE_PRE_LOAD_PROP_PADDING_NAME, > + NULL); > + if (!padding_name) { > + log_info("INFO: no padding_name provided, so using > pkcs-1.5\n"); > + padding_name = "pkcs-1.5"; > + } > } > > sig_size = fdt_getprop(gd_fdt_blob(), node, > @@ -129,12 +149,17 @@ static int image_pre_load_sig_setup(struct > image_sig_info *info) > goto out; > } > > - key = fdt_getprop(gd_fdt_blob(), node, > - IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len); > - if (!key) { > - log_err("ERROR: no key for image pre-load sig check\n"); > - ret = -EINVAL; > - goto out; > + if (is_ecdsa(crypto)) { > + key = NULL; > + key_len = 0; > + } else { > + key = fdt_getprop(gd_fdt_blob(), node, > + IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len); > + if (!key) { > + log_err("ERROR: no key for image pre-load sig > check\n"); > + ret = -EINVAL; > + goto out; > + } > } > > info->algo_name = (char *)algo_name; > @@ -152,9 +177,13 @@ static int image_pre_load_sig_setup(struct > image_sig_info *info) > info->sig_info.name = info->algo_name; > info->sig_info.padding = image_get_padding_algo(info->padding_name); > info->sig_info.checksum = > image_get_checksum_algo(info->sig_info.name); > - info->sig_info.crypto = image_get_crypto_algo(info->sig_info.name); > + info->sig_info.crypto = crypto; > info->sig_info.key = info->key; > info->sig_info.keylen = info->key_len; > + if (is_ecdsa(crypto)) { > + info->sig_info.required_keynode = node; > + info->sig_info.fdt_blob = gd_fdt_blob(); > + } > > out: > return ret; > -- > 2.43.0 >
