Right now, U-Boot can only boot an image whose
pre-load header uses RSA. Add support for
ECDSA.

Reviewed-by: Simon Glass <[email protected]>
Reviewed-by: Raymond Mao <[email protected]>
Signed-off-by: Philippe Reynes <[email protected]>
---
v3:
- initial version
v4:
- avoid calling image_get_crypto_algo several times
v5:
- simplify the function is_ecdsa
- re-use already computed crypto in function image_pre_load_sig_setup
v6:
- no change
v7:
- no change

 boot/image-pre-load.c | 53 +++++++++++++++++++++++++++++++++----------
 1 file changed, 41 insertions(+), 12 deletions(-)

diff --git a/boot/image-pre-load.c b/boot/image-pre-load.c
index 2f851ebb28c..af72ea6d547 100644
--- a/boot/image-pre-load.c
+++ b/boot/image-pre-load.c
@@ -70,6 +70,12 @@ static int image_pre_load_sig_setup(struct image_sig_info 
*info)
        return 0;
 }
 #else
+
+static int is_ecdsa(struct crypto_algo *crypto)
+{
+       return crypto && !strncmp(crypto->name, "ecdsa", 5);
+}
+
 /*
  * This function gathers information about the signature check
  * that could be done before launching the image.
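Review bot: `is_ecdsa()` is a pure predicate that never writes through its argument, so the signature would read better as `static bool is_ecdsa(const struct crypto_algo *crypto)`. The test is a prefix match on the first five characters of `crypto->name`, so it accepts any algorithm whose name merely begins with "ecdsa". A one-line comment such as `/* true for any crypto algo whose name starts with "ecdsa" */` would make that intent explicit for the next reader.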
@@ -86,6 +92,7 @@ static int image_pre_load_sig_setup(struct image_sig_info 
*info)
        int key_len;
        int node, ret = 0;
        char *sig_info_path = NULL;
+       struct crypto_algo *crypto;
 
        if (!info) {
                log_err("ERROR: info is NULL for image pre-load sig check\n");
@@ -114,11 +121,24 @@ static int image_pre_load_sig_setup(struct image_sig_info 
*info)
                goto out;
        }
 
-       padding_name = fdt_getprop(gd_fdt_blob(), node,
-                                  IMAGE_PRE_LOAD_PROP_PADDING_NAME, NULL);
-       if (!padding_name) {
-               log_info("INFO: no padding_name provided, so using pkcs-1.5\n");
-               padding_name = "pkcs-1.5";
+       crypto = image_get_crypto_algo(algo_name);
+       if (!crypto) {
+               printf("ERROR: can't find a valid crypto algo from %s\n",
+                      (char *)algo_name);
+               ret = -EINVAL;
+               goto out;
+       }
+
+       if (is_ecdsa(crypto)) {
+               padding_name = NULL;
+       } else {
+               padding_name = fdt_getprop(gd_fdt_blob(), node,
+                                          IMAGE_PRE_LOAD_PROP_PADDING_NAME,
+                                          NULL);
+               if (!padding_name) {
+                       log_info("INFO: no padding_name provided, so using 
pkcs-1.5\n");
+                       padding_name = "pkcs-1.5";
+               }
        }
 
        sig_size = fdt_getprop(gd_fdt_blob(), node,
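Review bot: The new failure path for an unknown algorithm reports through `printf()`, while the other errors visible in this function go through `log_err()`. Use `log_err("ERROR: can't find a valid crypto algo from %s\n", (char *)algo_name);` so a rejected algorithm is logged at the same level and through the same filtering as the other signature-setup failures. The function starts and ends outside this hunk.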
@@ -129,12 +149,17 @@ static int image_pre_load_sig_setup(struct image_sig_info 
*info)
                goto out;
        }
 
-       key = fdt_getprop(gd_fdt_blob(), node,
-                         IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len);
-       if (!key) {
-               log_err("ERROR: no key for image pre-load sig check\n");
-               ret = -EINVAL;
-               goto out;
+       if (is_ecdsa(crypto)) {
+               key = NULL;
+               key_len = 0;
+       } else {
+               key = fdt_getprop(gd_fdt_blob(), node,
+                                 IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len);
+               if (!key) {
+                       log_err("ERROR: no key for image pre-load sig check\n");
+                       ret = -EINVAL;
+                       goto out;
+               }
        }
 
        info->algo_name         = (char *)algo_name;
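Review bot: The ECDSA branch sets `key = NULL` and `key_len = 0` with no presence check, whereas the RSA branch fails setup with -EINVAL when the public key is missing. The ECDSA key is presumably resolved later from `node` (a later hunk stores it in `required_keynode`), so a node without usable key material would only be caught at verification time, in code not shown here. Confirm that path rejects the image rather than skipping the check. At minimum, document the branch, e.g. `/* ECDSA: no key blob here; the verifier reads the public key from the pre-load node (required_keynode) */`. The function starts and ends outside this hunk.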
@@ -152,9 +177,13 @@ static int image_pre_load_sig_setup(struct image_sig_info 
*info)
        info->sig_info.name     = info->algo_name;
        info->sig_info.padding  = image_get_padding_algo(info->padding_name);
        info->sig_info.checksum = image_get_checksum_algo(info->sig_info.name);
-       info->sig_info.crypto   = image_get_crypto_algo(info->sig_info.name);
+       info->sig_info.crypto   = crypto;
        info->sig_info.key      = info->key;
        info->sig_info.keylen   = info->key_len;
+       if (is_ecdsa(crypto)) {
+               info->sig_info.required_keynode = node;
+               info->sig_info.fdt_blob = gd_fdt_blob();
+       }
 
  out:
        return ret;
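Review bot: For ECDSA `padding_name` is now NULL, so `image_get_padding_algo(info->padding_name)` is presumably called with a NULL name on this path (the assignment to `info->padding_name` is outside the hunk). Before this change the name always fell back to "pkcs-1.5". Confirm the lookup tolerates NULL, or skip it explicitly with `info->sig_info.padding = info->padding_name ? image_get_padding_algo(info->padding_name) : NULL;`. Separately, `is_ecdsa(crypto)` is evaluated three times in this function; a local `bool ecdsa = is_ecdsa(crypto);` computed once after the lookup would keep the three branches visibly tied together.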
-- 
2.43.0
