[{"id":3679172,"web_url":"http://patchwork.ozlabs.org/comment/3679172/","msgid":"","list_archive_url":null,"date":"2026-04-20T02:11:11","subject":"Re: [PATCH v4 01/14] mbedtls: enable support of ecc","submitter":{"id":6170,"url":"http://patchwork.ozlabs.org/api/people/6170/","name":"Simon Glass","email":"sjg@chromium.org"},"content":"Hi Philippe,\n\nOn 2026-04-17T13:02:04, Philippe Reynes wrote:\n> mbedtls: enable support of ecc\n>\n> Enables the support of ecc in mbedtls.\n>\n> Signed-off-by: Philippe Reynes \n>\n> configs/sandbox_defconfig | 1 +\n> lib/ecdsa/Kconfig | 1 +\n> lib/mbedtls/Kconfig | 14 ++++++++++++++\n> lib/mbedtls/Makefile | 17 +++++++++--------\n> lib/mbedtls/mbedtls_def_config.h | 17 +++++++++++++++++\n> 5 files changed, 42 insertions(+), 8 deletions(-)\n\n> diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile\n> @@ -38,14 +38,20 @@ mbedtls_lib_crypto-$(CONFIG_$(PHASE_)HKDF_MBEDTLS) += \\\n> +mbedtls_lib_x509-y := $(MBEDTLS_LIB_DIR)/x509.o \\\n> + $(MBEDTLS_LIB_DIR)/ecdsa.o \\\n> + $(MBEDTLS_LIB_DIR)/ecp.o \\\n> + $(MBEDTLS_LIB_DIR)/ecp_curves.o \\\n> + $(MBEDTLS_LIB_DIR)/ecp_curves_new.o \\\n> + $(MBEDTLS_LIB_DIR)/pk_ecc.o\n\nThe ECC objects are unconditionally included in mbedtls_lib_x509-y,\nincreasing binary size for configurations needing X509 without ECDSA.\nPlease can you make these conditional on CONFIG_ECDSA_MBEDTLS,\nfollowing the RSA_PUBLIC_KEY_PARSER_MBEDTLS pattern?\n\n> diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h\n> @@ -89,6 +89,23 @@\n> +#if CONFIG_IS_ENABLED(ECDSA)\n> +#define MBEDTLS_ECDSA_C\n> +#define MBEDTLS_ECP_C\n> +#define MBEDTLS_BIGNUM_C\n> +#define MBEDTLS_ECP_DP_SECP192R1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP224R1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP256R1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP384R1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP521R1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP192K1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP224K1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP256K1_ENABLED\n> +#define MBEDTLS_ECP_DP_BP256R1_ENABLED\n> +#define MBEDTLS_ECP_DP_BP384R1_ENABLED\n> +#define MBEDTLS_ECP_DP_BP512R1_ENABLED\n> +#endif\n\nI suspect this should use CONFIG_IS_ENABLED(ECDSA_MBEDTLS) rather than\nCONFIG_IS_ENABLED(ECDSA), for consistency with other mbedtls-specific\nfeatures in this file. Currently, enabling ECDSA with the legacy\ncrypto library would set these defines but not link the corresponding\ncode.\n\n> diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig\n> @@ -247,6 +247,10 @@ config MBEDTLS_LIB_X509\n> +config BIGNUM_MBEDTLS\n> + bool\n> + default n\n\nYou don't need 'default n' as 'n' is the default.\n\nRegards,\nSimon","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=chromium.org header.i=@chromium.org header.a=rsa-sha256\n header.s=google header.b=gDLsMMoq;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=chromium.org","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=chromium.org header.i=@chromium.org\n header.b=\"gDLsMMoq\";\n\tdkim-atps=neutral","phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=chromium.org","phobos.denx.de;\n spf=pass smtp.mailfrom=sjg@chromium.org"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fzTWN5Gwcz1yGt\n\tfor ; Mon, 20 Apr 2026 12:11:44 +1000 (AEST)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 04C7E83693;\n\tMon, 20 Apr 2026 04:11:36 +0200 (CEST)","by phobos.denx.de (Postfix, from userid 109)\n id 129B283B99; Mon, 20 Apr 2026 04:11:35 +0200 (CEST)","from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com\n [IPv6:2607:f8b0:4864:20::42a])\n (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 7F9C882BF2\n for ; Mon, 20 Apr 2026 04:11:32 +0200 (CEST)","by mail-pf1-x42a.google.com with SMTP id\n d2e1a72fcca58-82f8bf96b46so1131423b3a.2\n for ; Sun, 19 Apr 2026 19:11:32 -0700 (PDT)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,\n DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,\n RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham\n autolearn_force=no version=3.4.2","ARC-Seal":"i=1; a=rsa-sha256; t=1776651091; cv=none;\n d=google.com; s=arc-20240605;\n b=HG2t0yCAtC83Im6JZ+fPfSbvbdi88gPe5GDm06OyzzpvIPWnrFKxm1Di6HQrRMkzT/\n iij/6L8T3vvmwNbSr2QzD2JhOTKTdD1pUJFCOm8jnz+H9Vf87zySbY71DM8yLA4oluW0\n 3nxQU7+zVswL6h2QkS694/m0A8qgiictTgWJWvTFg5LHVF5d+H7ImDgj3BB0CDF4CSoE\n IawIELhNZaq8XBWACOPuIXnOqVIsVbiI0xA1usY6e5HtZ5D/pUVBKBiHcZE8cYXGWhD2\n F/Eukt54C0D4rkMFsnjzQ8UuqaYQMpe9h5vbfDQjn99hIwmD1TxH8aBw32emhDsC0sec\n JQ0g==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=cc:to:subject:message-id:date:from:in-reply-to:references\n :mime-version:dkim-signature;\n bh=0wYPS9DFm5o9ZCyvnzradFvzRbMQjgs4krov1Avtzu8=;\n fh=4tL75V6OhW3dS5bSDjPos9FuEPvGKHR3LgUMm10iD2A=;\n b=VedFWxVG8eRDIQsy4jB9J4As4Q/uV+uGVq9OuMLHbjBUxkYN7tkuL3SzD9jXanbFpC\n Mj/EMzeUx/FxzLRgwgPI2LflEive9PS180Mtq0WG88fDGxHUoP3VcdjOYvS1bECKL8so\n ++yB0UkV3Hh+7ihZ4a6+kVww7Lo1MfZ0S5cRWvKcvqofFF6f4ujMOu3CzqjdYL4rkv9k\n r7B1bv1NW6hfgTCcRiyi2FCAlhLxQfMbSYAkDhtjUkOyLv4nAc85OywlluD/KcH7/Gq6\n aUgmK5KlJ46ysZaDeByvYzwp13cMxBcOEwI5pRUSSLqLnVHMWlwPLwjXjb8dXNoDXqAw\n 2x5g==; darn=lists.denx.de","ARC-Authentication-Results":"i=1; mx.google.com; arc=none","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=chromium.org; s=google; t=1776651091; x=1777255891; darn=lists.denx.de;\n h=cc:to:subject:message-id:date:from:in-reply-to:references\n :mime-version:from:to:cc:subject:date:message-id:reply-to;\n bh=0wYPS9DFm5o9ZCyvnzradFvzRbMQjgs4krov1Avtzu8=;\n b=gDLsMMoqOMnByNayrLqcLF+Ia9ri8ieexQAJdnpn7IaMZiACGgBC2SlnVtBLjZ0kLM\n ODn4oEB81OLGbf71ISOOpLjmJ/D48kBQUOauqTEhUvXxr2zkW8O0Q2IrbCSmXav1ExC2\n tng+iBQdLBTXhMK72upWhADIQFyxMibb0KTvw=","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776651091; x=1777255891;\n h=cc:to:subject:message-id:date:from:in-reply-to:references\n :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=0wYPS9DFm5o9ZCyvnzradFvzRbMQjgs4krov1Avtzu8=;\n b=GKrKF+6u1t6VBCPerKjCmMMt4xjmDiJxHuuwUROaLLUqDZQteSnCJP7zXmwSSJkFiy\n axjvgUuxdQjGQyELBIMSHV8Qc6kX3+5mBoarX57uNcQphV/CtzozGwqUODrhRTGN+sVm\n bD1FAxRzRb12uAkr0ShuGPGWrjvewPVrAotdNF8kD4A0qSWIbSYIojxFhBhuCsYVfk8R\n G9pJ30W9X6e99J3vnVew+KJQ3zm3IjGKb1W9Z2IAlNSmAhl1q8B2iSFsBQSWoejP/hOy\n C+Qw4XRG6u2H71RFhEITubXdctVL3Gy384avnqnaDx3ZMwgEqQNkyEvw601ZScIT1FC2\n ITAA==","X-Forwarded-Encrypted":"i=1;\n AFNElJ/3Z7m1Z9kiMj2Kaj8OlSGSwgOvhQ3OlVqk6IU+1H8Eib9W4EeOjw5GfdpqTPN0iqt8p6d1HZk=@lists.denx.de","X-Gm-Message-State":"AOJu0YyRkCvd/IMGZfY8N4SLbaR5zTHKPfrkgN0v+17FSGCUHJ0r0San\n HWfBAVyytp1xrWm8GyoZEBGTAdNuT8pqRcml+hXNryNNBeUCf4AlQReL6Swtd4+hd+EOzVV1G+/\n PhWCrYh1/UoouFxgrOGjoKOPxC4K7CrduVpqerC3F","X-Gm-Gg":"AeBDieuKaq9oNMfxg1GxcQTkLAtHJ+jY2OVy5ftLjS51mtGSfTFz5g+BqK4vwrTevfJ\n sEM3aoSYYYf8O1sV0M1NBIXLqkz9ZFmnD0a1jcQSOLyOr4VPg1S+PsXp3rEdR62QpFOGTPdfQXD\n W0Cd6e3USqiAQjbn53bgj9wp0CaRQsF4G4nGhE8UJBX6ZGqozR9we5IvyZ2Mpjc6S11ppV+gZM4\n QYGHYJ6rrC7jlYzznDoxr0p5DZ+wM0bQ5t0LXqlvRPBmMic0KSAk4NrAeHpNvwaZDnID/3yjYsj\n e/+ymEyUbhXiJN91pZew","X-Received":"by 2002:a05:6a00:3492:b0:82f:1d38:f68d with SMTP id\n d2e1a72fcca58-82f8c8df5e1mr12859299b3a.34.1776651090814; Sun, 19 Apr 2026\n 19:11:30 -0700 (PDT)","MIME-Version":"1.0","References":"<20260417130204.49896-1-philippe.reynes@softathome.com>\n <20260417130204.49896-2-philippe.reynes@softathome.com>","In-Reply-To":"<20260417130204.49896-2-philippe.reynes@softathome.com>","From":"Simon Glass ","Date":"Mon, 20 Apr 2026 14:11:11 +1200","X-Gm-Features":"AQROBzCPnCGoC_sH3AQDoUaiLSknkToL0QZRLjp6lMEQ6bVmqO3Qv7wR6uPDO8A","Message-ID":"\n ","Subject":"Re: [PATCH v4 01/14] mbedtls: enable support of ecc","To":"philippe.reynes@softathome.com","Cc":"marko.makela@iki.fi, jonny.green@keytechinc.com, raymondmaoca@gmail.com,\n trini@konsulko.com, simon.glass@canonical.com, u-boot@lists.denx.de","Content-Type":"text/plain; charset=\"UTF-8\"","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" ","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"}},{"id":3679455,"web_url":"http://patchwork.ozlabs.org/comment/3679455/","msgid":"","list_archive_url":null,"date":"2026-04-20T16:17:06","subject":"Re: [PATCH v4 01/14] mbedtls: enable support of ecc","submitter":{"id":91989,"url":"http://patchwork.ozlabs.org/api/people/91989/","name":"Raymond Mao","email":"raymondmaoca@gmail.com"},"content":"Hi Philippe,\n\nOn Fri, Apr 17, 2026 at 9:02 AM Philippe Reynes\n wrote:\n>\n> Enables the support of ecc in mbedtls.\n>\n> Signed-off-by: Philippe Reynes \n> ---\n> v2:\n> - move ecdsa to MBEDTLS_LIB_X509\n> - enhance depencendies\n> v3:\n> - do not use _MBEDTLS in mbedtls_def_config.h\n>\n> v4:\n> - do not select ECDSA on some configs\n> - remove duplicated MBEDTLS_ECP_DP_SECP256K1_ENABLED\n> - change dependencies for ECDSA configs\n>\n> configs/sandbox_defconfig | 1 +\n> lib/ecdsa/Kconfig | 1 +\n> lib/mbedtls/Kconfig | 14 ++++++++++++++\n> lib/mbedtls/Makefile | 17 +++++++++--------\n> lib/mbedtls/mbedtls_def_config.h | 17 +++++++++++++++++\n> 5 files changed, 42 insertions(+), 8 deletions(-)\n>\n> diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig\n> index f26295103f1..15831dd7e04 100644\n> --- a/configs/sandbox_defconfig\n> +++ b/configs/sandbox_defconfig\n> @@ -391,6 +391,7 @@ CONFIG_PANIC_HANG=y\n> CONFIG_CMD_DHRYSTONE=y\n> CONFIG_MBEDTLS_LIB=y\n> CONFIG_HKDF_MBEDTLS=y\n> +CONFIG_ECDSA_MBEDTLS=y\n> CONFIG_ECDSA=y\n> CONFIG_ECDSA_VERIFY=y\n> CONFIG_RSASSA_PSS=y\n> diff --git a/lib/ecdsa/Kconfig b/lib/ecdsa/Kconfig\n> index ca13b6bfa1f..dac8bcf23dd 100644\n> --- a/lib/ecdsa/Kconfig\n> +++ b/lib/ecdsa/Kconfig\n> @@ -1,6 +1,7 @@\n> config ECDSA\n> bool \"Enable ECDSA support\"\n> depends on DM\n> + select ASN1_DECODER\n> help\n> This enables the ECDSA (elliptic curve signature) algorithm for FIT\n> image verification in U-Boot. The ECDSA algorithm is implemented\n> diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig\n> index 789721ee6cd..cfc47152fc5 100644\n> --- a/lib/mbedtls/Kconfig\n> +++ b/lib/mbedtls/Kconfig\n> @@ -247,6 +247,10 @@ config MBEDTLS_LIB_X509\n>\n> if MBEDTLS_LIB_X509\n>\n> +config BIGNUM_MBEDTLS\n> + bool\n> + default n\n> +\n> config ASN1_DECODER_MBEDTLS\n> bool \"ASN1 decoder with MbedTLS certificate library\"\n> depends on MBEDTLS_LIB_X509 && ASN1_DECODER\n> @@ -264,6 +268,7 @@ config RSA_PUBLIC_KEY_PARSER_MBEDTLS\n> bool \"RSA public key parser with MbedTLS certificate library\"\n> depends on ASYMMETRIC_PUBLIC_KEY_MBEDTLS\n> select ASN1_DECODER_MBEDTLS\n> + select BIGNUM_MBEDTLS\n> help\n> This option chooses MbedTLS certificate library for RSA public key\n> parser.\n> @@ -292,6 +297,15 @@ config MSCODE_PARSER_MBEDTLS\n> This option chooses MbedTLS certificate library for MS authenticode\n> parser.\n>\n> +config ECDSA_MBEDTLS\n> + bool \"Enable ECDSA support with MbedTLS certificate library\"\n> + depends on MBEDTLS_LIB_X509 && ECDSA_VERIFY\n> + select ASN1_DECODER_MBEDTLS\n\nselect ASN1_DECODER_MBEDTLS if ASN1_DECODER\nAll _MBEDTLS switches should be under control of the main switches.\n\n> + select BIGNUM_MBEDTLS\n> + help\n> + This option enables support of ECDSA with the MbedTLS certificate\n> + library.\n> +\n> endif # MBEDTLS_LIB_X509\n>\n> config MBEDTLS_LIB_TLS\n> diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile\n> index c5b445bd85c..aa1ca6d196b 100644\n> --- a/lib/mbedtls/Makefile\n> +++ b/lib/mbedtls/Makefile\n> @@ -38,14 +38,20 @@ mbedtls_lib_crypto-$(CONFIG_$(PHASE_)HKDF_MBEDTLS) += \\\n>\n> # MbedTLS X509 library\n> obj-$(CONFIG_$(XPL_)MBEDTLS_LIB_X509) += mbedtls_lib_x509.o\n> -mbedtls_lib_x509-y := $(MBEDTLS_LIB_DIR)/x509.o\n> +mbedtls_lib_x509-y := $(MBEDTLS_LIB_DIR)/x509.o \\\n> + $(MBEDTLS_LIB_DIR)/ecdsa.o \\\n> + $(MBEDTLS_LIB_DIR)/ecp.o \\\n> + $(MBEDTLS_LIB_DIR)/ecp_curves.o \\\n> + $(MBEDTLS_LIB_DIR)/ecp_curves_new.o \\\n> + $(MBEDTLS_LIB_DIR)/pk_ecc.o\n\nTo avoid increasing binary size and making the build dependency\nbroader than the feature being enabled, please use\n'mbedtls_lib_x509-$(CONFIG_$(PHASE_)ECDSA_MBEDTLS)' instead of\n'mbedtls_lib_x509-y' when introducing the ecdsa/ecp/ecc objects.\n\nRegards,\nRaymond\n\n\n\n> +mbedtls_lib_x509-$(CONFIG_$(PHASE_)BIGNUM_MBEDTLS) += \\\n> + $(MBEDTLS_LIB_DIR)/bignum.o \\\n> + $(MBEDTLS_LIB_DIR)/bignum_core.o\n> mbedtls_lib_x509-$(CONFIG_$(PHASE_)ASN1_DECODER_MBEDTLS) += \\\n> $(MBEDTLS_LIB_DIR)/asn1parse.o \\\n> $(MBEDTLS_LIB_DIR)/asn1write.o \\\n> $(MBEDTLS_LIB_DIR)/oid.o\n> mbedtls_lib_x509-$(CONFIG_$(PHASE_)RSA_PUBLIC_KEY_PARSER_MBEDTLS) += \\\n> - $(MBEDTLS_LIB_DIR)/bignum.o \\\n> - $(MBEDTLS_LIB_DIR)/bignum_core.o \\\n> $(MBEDTLS_LIB_DIR)/rsa.o \\\n> $(MBEDTLS_LIB_DIR)/rsa_alt_helpers.o\n> mbedtls_lib_x509-$(CONFIG_$(PHASE_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \\\n> @@ -64,7 +70,6 @@ mbedtls_lib_tls-y := \\\n> $(MBEDTLS_LIB_DIR)/mps_reader.o \\\n> $(MBEDTLS_LIB_DIR)/mps_trace.o \\\n> $(MBEDTLS_LIB_DIR)/net_sockets.o \\\n> - $(MBEDTLS_LIB_DIR)/pk_ecc.o \\\n> $(MBEDTLS_LIB_DIR)/ssl_cache.o \\\n> $(MBEDTLS_LIB_DIR)/ssl_ciphersuites.o \\\n> $(MBEDTLS_LIB_DIR)/ssl_client.o \\\n> @@ -82,8 +87,4 @@ mbedtls_lib_tls-y := \\\n> $(MBEDTLS_LIB_DIR)/cipher.o \\\n> $(MBEDTLS_LIB_DIR)/cipher_wrap.o \\\n> $(MBEDTLS_LIB_DIR)/ecdh.o \\\n> - $(MBEDTLS_LIB_DIR)/ecdsa.o \\\n> - $(MBEDTLS_LIB_DIR)/ecp.o \\\n> - $(MBEDTLS_LIB_DIR)/ecp_curves.o \\\n> - $(MBEDTLS_LIB_DIR)/ecp_curves_new.o \\\n> $(MBEDTLS_LIB_DIR)/gcm.o \\\n> diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h\n> index dda3f4dd6e4..239215ecf85 100644\n> --- a/lib/mbedtls/mbedtls_def_config.h\n> +++ b/lib/mbedtls/mbedtls_def_config.h\n> @@ -89,6 +89,23 @@\n> #define MBEDTLS_ASN1_WRITE_C\n> #endif\n>\n> +#if CONFIG_IS_ENABLED(ECDSA)\n> +#define MBEDTLS_ECDSA_C\n> +#define MBEDTLS_ECP_C\n> +#define MBEDTLS_BIGNUM_C\n> +#define MBEDTLS_ECP_DP_SECP192R1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP224R1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP256R1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP384R1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP521R1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP192K1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP224K1_ENABLED\n> +#define MBEDTLS_ECP_DP_SECP256K1_ENABLED\n> +#define MBEDTLS_ECP_DP_BP256R1_ENABLED\n> +#define MBEDTLS_ECP_DP_BP384R1_ENABLED\n> +#define MBEDTLS_ECP_DP_BP512R1_ENABLED\n> +#endif\n> +\n> #endif /* #if CONFIG_IS_ENABLED(MBEDTLS_LIB_X509) */\n>\n> #if CONFIG_IS_ENABLED(MBEDTLS_LIB_TLS)\n> --\n> 2.43.0\n>","headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256\n header.s=20251104 header.b=SIAh0uIV;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=gmail.com","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=gmail.com header.i=@gmail.com header.b=\"SIAh0uIV\";\n\tdkim-atps=neutral","phobos.denx.de;\n dmarc=pass (p=none dis=none) header.from=gmail.com","phobos.denx.de;\n spf=pass smtp.mailfrom=raymondmaoca@gmail.com"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fzrHH5QLfz1yCv\n\tfor ; Tue, 21 Apr 2026 02:17:31 +1000 (AEST)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 295A18426E;\n\tMon, 20 Apr 2026 18:17:24 +0200 (CEST)","by phobos.denx.de (Postfix, from userid 109)\n id 5DD378425F; Mon, 20 Apr 2026 18:17:23 +0200 (CEST)","from mail-yx1-xb12d.google.com (mail-yx1-xb12d.google.com\n [IPv6:2607:f8b0:4864:20::b12d])\n (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id CBA2D8426E\n for ; Mon, 20 Apr 2026 18:17:19 +0200 (CEST)","by mail-yx1-xb12d.google.com with SMTP id\n 956f58d0204a3-649278a69c5so2479956d50.3\n for ; Mon, 20 Apr 2026 09:17:19 -0700 (PDT)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-1.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_GMAIL_RCVD,FREEMAIL_FROM,\n RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=no\n autolearn_force=no version=3.4.2","ARC-Seal":"i=1; a=rsa-sha256; t=1776701838; cv=none;\n d=google.com; s=arc-20240605;\n b=aiA+C62ukpZTO+CQg2U7Y8XZlk4rDTwjmVadO1MyVMCI6wWDWIEwR8YS9Z6XiUSPNB\n +Q9+rawLFRAqLoDzTHlpoNuz9OKUnrna9cHDEwLXSMrdgoZlBTIvFcNOtXeXJIqUlu7a\n DU4dGtgp/NC3cKPWrTfzE/k/qHpPC7/c2jSz/O64RNIS7l/qvlOEjoDTMlZRHKvg2q8X\n 2Vc7EQdahwGBeWKFzeGdUMRDdFH4K4EcHOczYMcaWUKtxxvCTIINnbztIvBQfNjfLkpW\n pFY80SpxB5CF5rLCL3PaABA//sofCHTqDz1hupXtBZoqRGWVokfHSvyIPkcv0BWWSHJc\n psHQ==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;\n s=arc-20240605;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:dkim-signature;\n bh=6MijSywokdCkNZvM6n8pi8nJqMySWTSMiKK0MD2DLoA=;\n fh=a36618USXTZJgAZd7LAVnacC96n0oeRyVvajmrPDgFI=;\n b=AYOFMrOxrgJQOGq/83BVm4/4p9A+e4bZ3ickO652LWT0Bb+NZJTWMgQfRNAprOYaji\n Wb7qf3UHvtTHmAV0QF8+GnW+Ee0QSRBW9MH/P85VVbLuJyKA3auwesGZkbAuRKYvwwfM\n Ic8qEPOnECyF+tUZOtH/47Qj+hmGRzdf9/1IaE2Y7UXER1iTRhwWpY99EXPqxGky/Ete\n RkxK7T3amKLmctZ7Pi5ibTobGCgj1QLGopEbtIu+WPsR/5Cas1IwjqFxEF5uW546fCGN\n MSDnqORLIGIF/Mo13QPgbL3j1S2g2U22X9i8BO/m1HVzlyFhAMl5741uK+C7koVDxqcc\n aeDw==; darn=lists.denx.de","ARC-Authentication-Results":"i=1; mx.google.com; arc=none","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=gmail.com; s=20251104; t=1776701838; x=1777306638; darn=lists.denx.de;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:from:to:cc:subject:date\n :message-id:reply-to;\n bh=6MijSywokdCkNZvM6n8pi8nJqMySWTSMiKK0MD2DLoA=;\n b=SIAh0uIVx03sRT0qw/YQsqvoH1ZDp6IBW3JlxqPXpoe7vOZgUA/G0SEgsgz3XMqAof\n bki/LLOhxHen6hoPVijNApSqqv3yazISIgKYECxKC0YMBw2rOfIyb6MwTDvopVYIgC2H\n 4HZjF/rWjNQkP92K/zSnqyQsEvY25AVvzGiB0513Bd2I9XqdTylbum+STG0FAkwfwNXx\n 0OTT+Ejo2IwDnjdDR+1qIkmfN1h2Uzghubdud0DM2qgI1plnJTl8uXMhmn7R+BsORBNO\n /YYd8+w4TbUWxk471t2/OXMIQZ+y7FqUsEJTvEKYDAU5/9EZIj8PulEzz/WFSgpcLxfQ\n jAnw==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776701838; x=1777306638;\n h=content-transfer-encoding:cc:to:subject:message-id:date:from\n :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from\n :to:cc:subject:date:message-id:reply-to;\n bh=6MijSywokdCkNZvM6n8pi8nJqMySWTSMiKK0MD2DLoA=;\n b=oIOzA5qvpUz/tSsDidcvo0P1r8pD1X0uD+b6b+9FkqRtqCWflcFEwTpEGr1Oa+kF04\n +N5xzmpCnWsrj5dIjVhWQspw3nzycWY9jxNpT6cQ/C1As3bG5kikC6RIHBvmenry5izk\n fIBfeVojp/D1eyU0n0a6O6BEXtVaec0YaDXdcm/4ltTsV+qQtD4zkiSofElcAdxD/BtI\n eLL1oh9wigSik+w5CkO6xdzshezhQ5CNuICvF0X98YBw0xtFBXlJhppOOO5S4RQidk6T\n B/RXTojTm2WoHb1+tKwyRdR9Og5bOly8+MITV6phm/Sk54670Vc8IM5BnbBCNpfXkyKY\n QErQ==","X-Forwarded-Encrypted":"i=1;\n AFNElJ9LzFTPlA2sqMiTu9vPONjL/4LHbLKBskeNU2sfXbDmwYRtjkPliPdH6qQnmq/OPO7r0Bm3l2k=@lists.denx.de","X-Gm-Message-State":"AOJu0YyAlwbJ3TbYSsCxfnfOGAEPT475xyyfCohGNvyu/LhllyFoGBmo\n DibdkhogXDHmlBU6qvwsHOZS6ehiny8AOlFPmeGnt4XtcBSgaMFSUwwZ2WSbLhNPq8/fCjQML5o\n i/mgbLHMweYT4v510QC07LTeSdVBa3ic2AewSmaY=","X-Gm-Gg":"AeBDietqYliXGf0fYbIaDvIh8Oo+xmsj0I8YrOjS+oiRiU7l/9pjzzXNmBZMbN57K7I\n VdiShJ35akpVddYS14gJTIGcv03rud/kgKvPXhMOyQRE1LoSkrfJXTpHRY4DISFoWdgTFsYZUS1\n XAsdCT/XpYiiybHbS36+BO3PsHf5gxVs9mSdjPYQsvpX2XhNkbfnSXXOoeVESHrOCHPoxaRoZVj\n cQj4hg3h8QDYSRexEs7FFKl4QKAI+RGxfxn4fvtmmo9JEL0vJ/19H1WOPGX5m2nMq8u4GUrcHHf\n b4HnMDC81oqboATFsSM=","X-Received":"by 2002:a05:690e:4093:b0:654:c28:561 with SMTP id\n 956f58d0204a3-6540c281b4cmr9710680d50.61.1776701838383; Mon, 20 Apr 2026\n 09:17:18 -0700 (PDT)","MIME-Version":"1.0","References":"<20260417130204.49896-1-philippe.reynes@softathome.com>\n <20260417130204.49896-2-philippe.reynes@softathome.com>","In-Reply-To":"<20260417130204.49896-2-philippe.reynes@softathome.com>","From":"Raymond Mao ","Date":"Mon, 20 Apr 2026 12:17:06 -0400","X-Gm-Features":"AQROBzCjmicYFP_60YwAzi6IMvhTydRF5A-rDvmAaPt7V3xT1fA0BrpXlFPLXZc","Message-ID":"\n ","Subject":"Re: [PATCH v4 01/14] mbedtls: enable support of ecc","To":"Philippe Reynes ","Cc":"marko.makela@iki.fi, jonny.green@keytechinc.com, trini@konsulko.com,\n simon.glass@canonical.com, u-boot@lists.denx.de","Content-Type":"text/plain; charset=\"UTF-8\"","Content-Transfer-Encoding":"quoted-printable","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" ","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"}}]