[{"id":3679178,"web_url":"http://patchwork.ozlabs.org/comment/3679178/","msgid":"<CAFLszTiG50vp=YSYzY5uPGD0QXgTzmwnvWi=fCzA-csXqRO8VQ@mail.gmail.com>","list_archive_url":null,"date":"2026-04-20T02:12:17","subject":"Re: [PATCH v4 09/14] tools: mkimage: pre-load: add support of ecdsa","submitter":{"id":6170,"url":"http://patchwork.ozlabs.org/api/people/6170/","name":"Simon Glass","email":"sjg@chromium.org"},"content":"Hi Philippe,\n\nOn 2026-04-17T13:02:04, Philippe Reynes <philippe.reynes@softathome.com> wrote:\n> tools: mkimage: pre-load: add support of ecdsa\n>\n> Right now, mkimage can only create pre-load header\n> using rsa. We add the support of ecdsa.\n>\n> Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>\n>\n> lib/ecdsa/ecdsa-libcrypto.c | 29 +++++++++++++----\n>  tools/image-host.c          | 79 ++++++++++++++++++++++++++++++++++++++-------\n>  2 files changed, 90 insertions(+), 18 deletions(-)\n\n> diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c\n> @@ -538,6 +533,26 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name,\n> +     if (info->required_keynode > 0) {\n> +             key_node = info->required_keynode;\n> +     } else {\n\nStrictly speaking the check should be >= 0\n\n> diff --git a/tools/image-host.c b/tools/image-host.c\n> @@ -1244,13 +1245,61 @@ err_cert:\n> +static int fit_pre_load_data_key_ecdsa(const char *keydir, void *keydest,\n> +                                    int pre_load_noffset, const void *key_name,\n> +                                    const void *algo_name)\n> +{\n> +     struct image_sign_info info;\n> +     int node, ret = 0;\n> +\n> +     memset(&info, 0, sizeof(info));\n> +     info.keydir = keydir;\n> +     info.keyname = strdup(key_name);\n> +     info.name = strdup(algo_name);\n> +     info.checksum = image_get_checksum_algo(algo_name);\n> +     info.crypto = image_get_crypto_algo(algo_name);\n> +     info.required_keynode = pre_load_noffset;\n> +\n> +     node = ecdsa_add_verify_data(&info, keydest);\n\nPlease can you check for NULL returns from image_get_checksum_algo()\nand image_get_crypto_algo()? Otherwise ecdsa_add_verify_data() ->\nprepare_ctx() -> alloc_ctx() will dereference NULL\n\nSee fit_image_setup_sig_info() for an example.\n\nReviewed-by: Simon Glass <sjg@chromium.org>\n\nRegards,\nSimon","headers":{"Return-Path":"<u-boot-bounces@lists.denx.de>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256\n header.s=google header.b=aDNQu5NE;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=chromium.org","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=chromium.org header.i=@chromium.org\n header.b=\"aDNQu5NE\";\n\tdkim-atps=neutral","phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=chromium.org","phobos.denx.de;\n spf=pass smtp.mailfrom=sjg@chromium.org"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fzTXc5y16z1yGt\n\tfor <incoming@patchwork.ozlabs.org>; Mon, 20 Apr 2026 12:12:48 +1000 (AEST)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 1A814842B7;\n\tMon, 20 Apr 2026 04:12:44 +0200 (CEST)","by phobos.denx.de (Postfix, from userid 109)\n id 5D348842B7; Mon, 20 Apr 2026 04:12:43 +0200 (CEST)","from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com\n [IPv6:2a00:1450:4864:20::62b])\n (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 706828419E\n for <u-boot@lists.denx.de>; Mon, 20 Apr 2026 04:12:41 +0200 (CEST)","by mail-ej1-x62b.google.com with SMTP id\n a640c23a62f3a-b8f9568e074so464988266b.0\n for <u-boot@lists.denx.de>; Sun, 19 Apr 2026 19:12:41 -0700 (PDT)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,\n DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,\n RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham\n autolearn_force=no version=3.4.2","ARC-Seal":"i=1; a=rsa-sha256; t=1776651161; cv=none;\n d=google.com; s=arc-20240605;\n b=OxxGufEPBwRYMBp7UfScVVuF9MMfnqZDvhIHRQq+999uu9/DYZaW2DAO46+ulR45+Y\n nrpfo3/bgyOi2xwH48qQD0Sjd7v68s1VFrRVq1QaT2v7DaPgV23RqWnp1T6RCmKqHcHZ\n XZCP5qjSZyB1UVPVHLq9jMO/ntG1F2nHw1sqJjwQZe4r/0eAOnNgEuOFSFKNNJwzXRRb\n xEmjUbDD0JK8+CmTNLPb0CJO4ILu2yC2wmogX47vRTR+hDtkOxFq9Qh9UAcYBXprdcr2\n AEMfnU3z+f6G0cg0fAkraDeQA7HtVt/tjj8SqRZW5JldAse+kAb/UmRc7/yEBdjFKNBT\n uyrA==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=cc:to:subject:message-id:date:from:in-reply-to:references\n :mime-version:dkim-signature;\n bh=ikM3qHBtlD9FKmAMj9EVqrcua7yu+Hjuo5LlwrepzdQ=;\n fh=axaieEKI1EPnKwzDhCT1NTUzAiELcbdCJIApDIYu7as=;\n b=InD8lHp07UerGSRiNb6EXjlGU868bJ77v0sTPsuo8b2yYSScE3zjoYVQwe8j+kkTYy\n y1VL3g6Ihta0qhk8XMIji/H7ZoTgCJdAPnJnTTIoTi0kCDQziXEsk+dqIJRZBeT6vW0u\n 8O+rmAwQtb0v66kXsPPr7gQB9t3jKAZ5K8JVwsvl4KhfKJI5IEjSaTGh089qTzvfWBIo\n xtrcL/QxAE+vjBF5J3ZfTwLJnip5X+1Dw8O7nAxxS96jLgBdRms6JXGVHzSW1uUdz07a\n dDGbBTqmOJokjKDWBGYzulxrTEQ27vAhsht11D3oohs3lU2alZTGutdS22r276v1qRth\n 5uZA==; darn=lists.denx.de","ARC-Authentication-Results":"i=1; mx.google.com; arc=none","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=chromium.org; s=google; t=1776651161; x=1777255961; darn=lists.denx.de;\n h=cc:to:subject:message-id:date:from:in-reply-to:references\n :mime-version:from:to:cc:subject:date:message-id:reply-to;\n bh=ikM3qHBtlD9FKmAMj9EVqrcua7yu+Hjuo5LlwrepzdQ=;\n b=aDNQu5NEMhT2Gaai8Ow+5iSuTLxbtZFl6sAU4JzDTyxUhFAVAIcW5iYQ5vgTf5OWJ8\n E12fwEmewOBmcPtBF1Z1gTQQuwg4BT6VVXIfZ8rI2Ykf2yjq9qgvDXwAwzH2ARSa+Npo\n Bk3srrlclur1lC+uEKX5rQCV4p+ANS73qbfK0=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776651161; x=1777255961;\n h=cc:to:subject:message-id:date:from:in-reply-to:references\n :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=ikM3qHBtlD9FKmAMj9EVqrcua7yu+Hjuo5LlwrepzdQ=;\n b=TR4FPzrzuJeBzQht8PbknYthfGOyRwtiwLDUVzLflKl7cxHVgkWfN+J/1vZxcjU0s7\n tFD1cCcoPrd/rS/aMfvM5n5GGBcnVlbRkWqtclzfuoDgOeFqKB2Nmrz9gZG9bYIFu8C+\n l3fwGnsaEVKtx3jRJTjeSSbQMhgsRD5OfZeFqpFZ5Wm0GzZJtEyuM9NQajVnS0+aqemV\n kXIslyLS+yO86AJftzJv/6wKgOL1dF/zdleinlkcEB4V4lyKx5WxFTkxdFAk3jWy5kud\n TncQc5qYMRFn9QYDHtXnkF4Q+J2n2I5mUBmogGT59DAyXV+MWMBCP7YikyTeysp/EDYp\n 3m6Q==","X-Forwarded-Encrypted":"i=1;\n AFNElJ/ndE0e1jS6X+4smJfFRf5zymExcQPHqo5GovA9Xe8WaaAL7X03xGTn6Sc5h086JiOMs8QZ8xw=@lists.denx.de","X-Gm-Message-State":"AOJu0YySY6GpD99C9O8gJVyL52M0N1SkMRohoq3xrt+ttPW0veBaScIp\n qG5rAvSnOyPIpimySkbLZPybVTEt7ay0Fov4Vxu+Q9WVLpNpE7naT5FawIeXLYoAM2IEJO2Bo2n\n r79T9//ooR+z8iNPmY/LUnBastMxq7P7+XG6TtlPp","X-Gm-Gg":"AeBDievXQDam9asBHReW4KmT1DEqRazjkgn1wOax93DSMU9Hi6coS7xzhmFckm0hAgy\n +cWCPZaBii0l1A3Wctwexx4KmyhKtty+Du34F21yFWy0KrOzxYKe0uatHHY8WHkgQXc4KBDRUyQ\n asH1e8wcC04Pmog3t9N3dfxBGE4RU72bfo2Bs5LndEJvCGJ3lOWk+i1rGiiGcn6VfXhJNsA6KUg\n g7Zj2sZeJHSi/WADlOxUBzJD9uUcSEfbXMjwAO357D/CZMLYaJQFyT/detqEJwNV/lAJrQcRNCL\n ZZWg/etPF2VqPlbZB887UmW0YEJzQ6c=","X-Received":"by 2002:a17:907:d641:b0:b9b:e619:a73a with SMTP id\n a640c23a62f3a-ba41b3e2885mr539692666b.46.1776651160957; Sun, 19 Apr 2026\n 19:12:40 -0700 (PDT)","MIME-Version":"1.0","References":"<20260417130204.49896-1-philippe.reynes@softathome.com>\n <20260417130204.49896-10-philippe.reynes@softathome.com>","In-Reply-To":"<20260417130204.49896-10-philippe.reynes@softathome.com>","From":"Simon Glass <sjg@chromium.org>","Date":"Mon, 20 Apr 2026 14:12:17 +1200","X-Gm-Features":"AQROBzBBb1skThPaL0id8UbuaA8_IR38oy4Ea7ZRMBfKbmDs-E39y6oJV5XaZfM","Message-ID":"\n <CAFLszTiG50vp=YSYzY5uPGD0QXgTzmwnvWi=fCzA-csXqRO8VQ@mail.gmail.com>","Subject":"Re: [PATCH v4 09/14] tools: mkimage: pre-load: add support of ecdsa","To":"philippe.reynes@softathome.com","Cc":"marko.makela@iki.fi, jonny.green@keytechinc.com, raymondmaoca@gmail.com,\n trini@konsulko.com, simon.glass@canonical.com, u-boot@lists.denx.de","Content-Type":"text/plain; charset=\"UTF-8\"","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion <u-boot.lists.denx.de>","List-Unsubscribe":"<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>","List-Archive":"<https://lists.denx.de/pipermail/u-boot/>","List-Post":"<mailto:u-boot@lists.denx.de>","List-Help":"<mailto:u-boot-request@lists.denx.de?subject=help>","List-Subscribe":"<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" <u-boot-bounces@lists.denx.de>","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"}}]