On 2026-07-03T01:49:45, James Hilliard <[email protected]> wrote: > lib: ecdsa: support additional curve sizes > > U-Boot's ECDSA FIT code is tied closely to prime256v1 and secp384r1. > Hardware verifiers may support a wider set of curves, and FIT public key > properties need to preserve the fixed coordinate width of those curves. > > Add common curve-size handling for secp224r1, prime256v1, secp384r1 and > secp521r1. Use fixed-width big-endian byte arrays when writing libcrypto > BIGNUM values into the control FDT so non-32-bit-aligned coordinates such > as secp521r1 are encoded correctly. RSA key sizes are already multiples > of 32 bits, so their generated byte encoding is unchanged. > > Register the corresponding host and target ECDSA algorithm names and > clean up the libcrypto signing context so raw signatures are owned and > freed consistently on error paths. > > SPL ECDSA verification uses UCLASS_ECDSA, so make SPL_ECDSA_VERIFY > depend on SPL_DM. Keep fdt_add_bignum() in the libfdt error namespace so > RSA and ECDSA callers continue to handle FDT growth and other errors > consistently. > [...] > > doc/mkimage.1 | 3 + > doc/usage/fit/signature.rst | 9 ++- > include/u-boot/ecdsa.h | 22 +++++++ > include/u-boot/fdt-libcrypto.h | 6 +- > lib/ecdsa/Kconfig | 2 +- > lib/ecdsa/ecdsa-libcrypto.c | 141 > ++++++++++++++++++++++++++--------------- > lib/ecdsa/ecdsa-verify.c | 39 ++++++------ > lib/fdt-libcrypto.c | 60 ++++-------------- > tools/image-sig-host.c | 7 ++ > 9 files changed, 162 insertions(+), 127 deletions(-)
Reviewed-by: Simon Glass <[email protected]>

