Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2224487/?format=api
{ "id": 2224487, "url": "http://patchwork.ozlabs.org/api/patches/2224487/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/patch/20260417130204.49896-11-philippe.reynes@softathome.com/", "project": { "id": 18, "url": "http://patchwork.ozlabs.org/api/projects/18/?format=api", "name": "U-Boot", "link_name": "uboot", "list_id": "u-boot.lists.denx.de", "list_email": "u-boot@lists.denx.de", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260417130204.49896-11-philippe.reynes@softathome.com>", "list_archive_url": null, "date": "2026-04-17T13:02:00", "name": "[v4,10/14] tools: binman: pre-load: add support of ecdsa", "commit_ref": null, "pull_url": null, "state": "superseded", "archived": false, "hash": "0c0fc54d400dabee6999c8d33402179698a323ae", "submitter": { "id": 74351, "url": "http://patchwork.ozlabs.org/api/people/74351/?format=api", "name": "Philippe Reynes", "email": "philippe.reynes@softathome.com" }, "delegate": { "id": 161313, "url": "http://patchwork.ozlabs.org/api/users/161313/?format=api", "username": "raymo200915", "first_name": "Raymond", "last_name": "Mao", "email": "raymondmaoca@gmail.com" }, "mbox": "http://patchwork.ozlabs.org/project/uboot/patch/20260417130204.49896-11-philippe.reynes@softathome.com/mbox/", "series": [ { "id": 500332, "url": "http://patchwork.ozlabs.org/api/series/500332/?format=api", "web_url": "http://patchwork.ozlabs.org/project/uboot/list/?series=500332", "date": "2026-04-17T13:02:04", "name": "add software ecdsa support", "version": 4, "mbox": "http://patchwork.ozlabs.org/series/500332/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2224487/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2224487/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<u-boot-bounces@lists.denx.de>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com\n header.b=YzjF1srm;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)", "phobos.denx.de;\n dmarc=none (p=none dis=none) header.from=softathome.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de", "phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.b=\"YzjF1srm\";\n\tdkim-atps=neutral", "phobos.denx.de; dmarc=none (p=none dis=none)\n header.from=softathome.com", "phobos.denx.de;\n spf=pass smtp.mailfrom=philippe.reynes@softathome.com" ], "Received": [ "from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fxw7X6vrgz1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 17 Apr 2026 23:04:08 +1000 (AEST)", "from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 635A784378;\n\tFri, 17 Apr 2026 15:02:23 +0200 (CEST)", "by phobos.denx.de (Postfix, from userid 109)\n id 78D1C84308; Fri, 17 Apr 2026 15:02:20 +0200 (CEST)", "from MRZP264CU002.outbound.protection.outlook.com\n (mail-francesouthazlp170100001.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c207::1])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 3FCFD842B7\n for <u-boot@lists.denx.de>; Fri, 17 Apr 2026 15:02:18 +0200 (CEST)", "from PR1P264CA0178.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:344::16)\n by MRYP264MB6139.FRAP264.PROD.OUTLOOK.COM (2603:10a6:501:70::11) with\n Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9818.21; Fri, 17 Apr\n 2026 13:02:10 +0000", "from PA2PEPF00019231.FRAP264.PROD.OUTLOOK.COM\n (2603:10a6:102:344:cafe::73) by PR1P264CA0178.outlook.office365.com\n (2603:10a6:102:344::16) with Microsoft SMTP Server (version=TLS1_3,\n cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.52 via Frontend Transport; Fri,\n 17 Apr 2026 13:02:10 +0000", "from proxy.softathome.com (149.6.166.170) by\n PA2PEPF00019231.mail.protection.outlook.com (10.167.242.37) with Microsoft\n SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.17\n via Frontend Transport; Fri, 17 Apr 2026 13:02:10 +0000", "from sah1lpt726.home (unknown [192.168.72.39])\n by proxy.softathome.com (Postfix) with ESMTPSA id 61C541FFF4;\n Fri, 17 Apr 2026 15:02:10 +0200 (CEST)" ], "X-Spam-Checker-Version": "SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de", "X-Spam-Level": "", "X-Spam-Status": "No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS autolearn=ham\n autolearn_force=no version=3.4.2", "ARC-Seal": "i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=maIcvVxi+/p7RPXEGNhUhTIAhHTD8RymsGUfO1xvYza8mZUrG6SU55zF7Xbus+QC10a+LL9WEljVEPDO6Jym3s7UEgeclEcYB68XUkJxZesNJiXOpNvSdg/W+XVe6CK2YVGAfHboHhvhZWdeHMEe0FdnhhRfzvXY7FqB6V157Z24SHM91gS4VdMZpQN0R3vKjSmAxzLWO+b70p3vS05PfwxacUbO5oK6qlETJM+8lJRu02lTxso3VzqJI33b7LZ3+nn6CXzE7FbB56SvFyI/+2zRqTZfQ15saciIIA68D9caSiisomjxD6nVnVyrizHJ5jLQiY9nvU7A3LwA+aIs8g==", "ARC-Message-Signature": "i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=9tAm+AsaJ9SzxlPx4l6qbq2HBtfLgEHxHCIjPZfqRBs=;\n b=zRtASZifGoDbJvs5tul8RVwtxbnLEUrFQVQmJMgFmwUYNuY31xZajcyAbcMS1zOY23mZJl7EKKffva8LcoE7RLSpC9dgzvpFBsEV2E5C9kQGJ1TQUbvOjoCfjw98EN5G0dhbounKP6nNLXthWxuHGdO9PjYz52/6tR7wmiRC9KJycKC56BJSR5J6sLETfXp5hrHKe9wXhuSmZPrhs/Ll4gpEeMvqgxJ0R7hD3sl8AJQPty2x4FeXSvYtiJUEtTR+H52xRc2PxO1dHtC3P4EzQw5tflVMLxrFXZtdw0qp/TxKaSJgE4Q0zK2AV3bsBgwEjEQadZKZ94VbweuxmO0qtw==", "ARC-Authentication-Results": "i=1; mx.microsoft.com 1; spf=pass (sender ip is\n 149.6.166.170) smtp.rcpttodomain=canonical.com smtp.mailfrom=softathome.com;\n dmarc=bestguesspass action=none header.from=softathome.com; dkim=none\n (message not signed); arc=none (0)", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=9tAm+AsaJ9SzxlPx4l6qbq2HBtfLgEHxHCIjPZfqRBs=;\n b=YzjF1srmZ9pwVwgOJ7r8dkGZ7d6av6h0QbBWrgccLKn4iWJ5W9gFEed8qYItHoJtbBTsL3awWze2yt9NE/akbLLCgKfgBQzJLK2q8M/+8BDmPhGhW80LwJqZG88p5xVsLNhx+jGW+/1eNqiH4yjOr+cO9TSFfq4K5jVBwAEyjE7vCU+kX2h34H5lUd+6frqF2MORsapzz4TtXxUZa/IOq72iVMQLYWksSYmITo3UfAg+QGWHd1HONKs4lWD2QB5Ts6vMVZ3G4PPs0q45pbwmIQE0O0u780uJ2vfQ4V2wcp/nL0vNj8ZQesvcCD0pR6WDOkQ7rRlm38tWNYdKfU8CDQ==", "X-MS-Exchange-Authentication-Results": "spf=pass (sender IP is 149.6.166.170)\n smtp.mailfrom=softathome.com; dkim=none (message not signed)\n header.d=none;dmarc=bestguesspass action=none header.from=softathome.com;", "Received-SPF": "Pass (protection.outlook.com: domain of softathome.com\n designates 149.6.166.170 as permitted sender)\n receiver=protection.outlook.com; client-ip=149.6.166.170;\n helo=proxy.softathome.com; pr=C", "From": "Philippe Reynes <philippe.reynes@softathome.com>", "To": "marko.makela@iki.fi, jonny.green@keytechinc.com, raymondmaoca@gmail.com,\n trini@konsulko.com, simon.glass@canonical.com", "Cc": "u-boot@lists.denx.de,\n\tPhilippe Reynes <philippe.reynes@softathome.com>", "Subject": "[PATCH v4 10/14] tools: binman: pre-load: add support of ecdsa", "Date": "Fri, 17 Apr 2026 15:02:00 +0200", "Message-ID": "<20260417130204.49896-11-philippe.reynes@softathome.com>", "X-Mailer": "git-send-email 2.43.0", "In-Reply-To": "<20260417130204.49896-1-philippe.reynes@softathome.com>", "References": "<20260417130204.49896-1-philippe.reynes@softathome.com>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-EOPAttributedMessage": "0", "X-MS-PublicTrafficType": "Email", "X-MS-TrafficTypeDiagnostic": "PA2PEPF00019231:EE_|MRYP264MB6139:EE_", "Content-Type": "text/plain", "X-MS-Office365-Filtering-Correlation-Id": "ef959989-6904-4681-ba38-08de9c818994", "X-MS-Exchange-SenderADCheck": "1", "X-MS-Exchange-AntiSpam-Relay": "0", "X-Microsoft-Antispam": "BCL:0;\n ARA:13230040|1800799024|36860700016|376014|82310400026|56012099003|18002099003|17002099007|22082099003;", "X-Microsoft-Antispam-Message-Info": "\n ytaWTEwPVaJQesUNUg3UNahm2FEmSN+lO7u6YRmzObnXbOuTpQsUNRjiuU7GAdJJOemUABG5l3vDNzknW1Fldk0DOwS1U9qExTyAQf6rjMjuMU6Onx/k90MGdZy9XEKyylg1fQHpzwStWMIIPuXmNnbUK+tG21FgNeiq4BVMEdIPIQMVILcCTd/o3RDIKuSxPWe+mBU+NzSblWa1E1zAEm/oTSFj9hVLhC2dU0tSm5Q0WtltfUUB+K++Ui0yYDSj07W2BY94U7nZyRDEp1s6u4yWrAsTAZ3Jjh7YUxEbbnMuE7/mfIYQldgus/Fyil3Md20cbRwNbaU3KqoSfWStgm22/CCue1yBGuM7XFcmjCr9+MRWH/urIqfE6L0kaZzXGEevQFfMsV8oNIol8E9WP0l9Zr6bVzBn35jRxqoTGwRrg0x95N29cB2GVw8gVyRrmjJeOnu8mu/bZFf8IFKWgoB4tj/hMJWkgQNP5vs4vWLaUBupMT4A982kbH8iK1pEPXagYMDrTXhiMeiQtODh8a8faFrftzj1nqBu3mtkm6B9DRHC2HhvOF98sgU+4XPKXpmpW88NKlalDhG3wBBD9tGaRVJLgWngkh5O1PS0fvMmMxVCQtoTXlRnEnKWlbt/uv2gqWvVro+YT0dXr8VeYQQcL6AznmGm3WiErk7Fngkz3sNwf6Gr1klq9e5YmvocO7yKuh/ljIFfyVilD2/qI1jQJB0/gRrnO2kzPXxQ1APHGmMVVKgHZAjBa57YEJXkEKpFoB2xkUkjQm/0yubbNA==", "X-Forefront-Antispam-Report": "CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:;\n IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent;\n CAT:NONE;\n SFS:(13230040)(1800799024)(36860700016)(376014)(82310400026)(56012099003)(18002099003)(17002099007)(22082099003);\n DIR:OUT; SFP:1101;", "X-MS-Exchange-AntiSpam-MessageData-ChunkCount": "1", "X-MS-Exchange-AntiSpam-MessageData-0": "\n pLf/OtRFOF1PHZH1URAXoMhza8SiLjjkwifv4aqFeszHGVhJA2ZvqUQ8V2dVSiQJ1tG+w0g6h5clVf7OFLPk4FuqhRmaRbgfaKEKEMNuaBo9J9FQ0d0Vr8afG1d/7X5S44nxGbPODSMmUAF/A2mpqczG6KgsV02111tLF1AtbXWaSN6fGsJ4qIR87sAgiU0a+qrzD+E8IeAOWDl3Q2OLclR6PD9ekAes5JXWDe38xGLeyWPkpeBv/tpfiWK9D4Z8OxMsRz5F5qUhfI3cwimbGRvMyDS34nd8vKtH0mUgjoMXJ4zYtAdtK6dAGsEFtMyVQQWgAFYnmOnnagH1Gg/ibMtmNK9c85+dP3yv9w5YMTPDKk5kvybuNVgyHa3VrgQphx7cwE57Rt9eyqyslJOqbdinhqM8QU+hkeAK8TXuzQW9dn6z1WN+NCJMfcHeG9jy", "X-OriginatorOrg": "softathome.com", "X-MS-Exchange-CrossTenant-OriginalArrivalTime": "17 Apr 2026 13:02:10.5642 (UTC)", "X-MS-Exchange-CrossTenant-Network-Message-Id": "\n ef959989-6904-4681-ba38-08de9c818994", "X-MS-Exchange-CrossTenant-Id": "aa10e044-e405-4c10-8353-36b4d0cce511", "X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp": "\n TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170];\n Helo=[proxy.softathome.com]", "X-MS-Exchange-CrossTenant-AuthSource": "PA2PEPF00019231.FRAP264.PROD.OUTLOOK.COM", "X-MS-Exchange-CrossTenant-AuthAs": "Anonymous", "X-MS-Exchange-CrossTenant-FromEntityHeader": "HybridOnPrem", "X-MS-Exchange-Transport-CrossTenantHeadersStamped": "MRYP264MB6139", "X-BeenThere": "u-boot@lists.denx.de", "X-Mailman-Version": "2.1.39", "Precedence": "list", "List-Id": "U-Boot discussion <u-boot.lists.denx.de>", "List-Unsubscribe": "<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>", "List-Archive": "<https://lists.denx.de/pipermail/u-boot/>", "List-Post": "<mailto:u-boot@lists.denx.de>", "List-Help": "<mailto:u-boot-request@lists.denx.de?subject=help>", "List-Subscribe": "<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>", "Errors-To": "u-boot-bounces@lists.denx.de", "Sender": "\"U-Boot\" <u-boot-bounces@lists.denx.de>", "X-Virus-Scanned": "clamav-milter 0.103.8 at phobos.denx.de", "X-Virus-Status": "Clean" }, "content": "Right now, binman can only create pre-load header\nusing rsa. We add the support of ecdsa.\n\nSigned-off-by: Philippe Reynes <philippe.reynes@softathome.com>\n---\nv3:\n- initial version\nv4:\n- merge patch 11 that was adding test for ecdsa pre-load\n- add key size check\n- use exc instead of simply e\n- rename dts filaneme\n- add a test to check key size\n\n tools/binman/etype/pre_load.py | 76 +++++++++++++++++--\n tools/binman/ftest.py | 50 ++++++++++++\n tools/binman/test/ecdsa521.pem | 7 ++\n tools/binman/test/security/pre_load_ecdsa.dts | 22 ++++++\n .../security/pre_load_ecdsa_invalid_algo.dts | 22 ++++++\n .../security/pre_load_ecdsa_invalid_key.dts | 22 ++++++\n .../security/pre_load_ecdsa_invalid_sha.dts | 22 ++++++\n 7 files changed, 213 insertions(+), 8 deletions(-)\n create mode 100644 tools/binman/test/ecdsa521.pem\n create mode 100644 tools/binman/test/security/pre_load_ecdsa.dts\n create mode 100644 tools/binman/test/security/pre_load_ecdsa_invalid_algo.dts\n create mode 100644 tools/binman/test/security/pre_load_ecdsa_invalid_key.dts\n create mode 100644 tools/binman/test/security/pre_load_ecdsa_invalid_sha.dts", "diff": "diff --git a/tools/binman/etype/pre_load.py b/tools/binman/etype/pre_load.py\nindex 00f1a896767..057422ab0dc 100644\n--- a/tools/binman/etype/pre_load.py\n+++ b/tools/binman/etype/pre_load.py\n@@ -16,8 +16,10 @@ from binman.entry import EntryArg\n \n from Cryptodome.Hash import SHA256, SHA384, SHA512\n from Cryptodome.PublicKey import RSA\n+from Cryptodome.PublicKey import ECC\n from Cryptodome.Signature import pkcs1_15\n from Cryptodome.Signature import pss\n+from Cryptodome.Signature import DSS\n \n PRE_LOAD_MAGIC = b'UBSH'\n \n@@ -27,6 +29,12 @@ RSAS = {\n 'rsa4096': 4096 / 8\n }\n \n+ECDSAS = {\n+ 'ecdsa256': 256 / 8 * 2,\n+ 'ecdsa384': 384 / 8 * 2,\n+ 'ecdsa521': 132\n+}\n+\n SHAS = {\n 'sha256': SHA256,\n 'sha384': SHA384,\n@@ -86,17 +94,10 @@ class Entry_pre_load(Entry_collection):\n if self.key_path is None:\n self.key_path = ''\n \n- def _CreateHeader(self):\n- \"\"\"Create a pre load header\"\"\"\n- hash_name, sign_name = self.algo_name.split(',')\n- padding_name = self.padding_name\n- key_name = os.path.join(self.key_path, self.key_name)\n-\n+ def _CreateHeaderRsa(self, hash_name, sign_name, padding_name, key_name):\n # Check hash and signature name/type\n if hash_name not in SHAS:\n self.Raise(hash_name + \" is not supported\")\n- if sign_name not in RSAS:\n- self.Raise(sign_name + \" is not supported\")\n \n # Read the key\n key = RSA.import_key(tools.read_file(key_name))\n@@ -151,6 +152,65 @@ class Entry_pre_load(Entry_collection):\n \n return data + pad\n \n+ def _CreateHeaderEcdsa(self, hash_name, sign_name, key_name):\n+ # Check hash and signature name/type\n+ if hash_name not in SHAS:\n+ self.Raise(hash_name + \" is not supported\")\n+\n+ # Read the key\n+ key = ECC.import_key(tools.read_file(key_name))\n+\n+ # Check if the key has the expected size\n+ if key.pointQ.size_in_bytes() * 2 != ECDSAS[sign_name]:\n+ self.Raise(\"The key \" + self.key_name + \" don't have the expected size\")\n+\n+ # Compute the hash\n+ hash_image = SHAS[hash_name].new()\n+ hash_image.update(self.image)\n+\n+ # Compute the signature\n+ signer = DSS.new(key, 'fips-186-3')\n+ sig = signer.sign(hash_image)\n+\n+ hash_sig = SHA256.new()\n+ hash_sig.update(sig)\n+\n+ version = self.version\n+ header_size = self.header_size\n+ image_size = len(self.image)\n+ ofs_img_sig = 64 + len(sig)\n+ flags = 0\n+ reserved0 = 0\n+ reserved1 = 0\n+\n+ first_header = struct.pack('>4sIIIIIII32s', PRE_LOAD_MAGIC,\n+ version, header_size, image_size,\n+ ofs_img_sig, flags, reserved0,\n+ reserved1, hash_sig.digest())\n+\n+ hash_first_header = SHAS[hash_name].new()\n+ hash_first_header.update(first_header)\n+ sig_first_header = signer.sign(hash_first_header)\n+\n+ data = first_header + sig_first_header + sig\n+ pad = bytearray(self.header_size - len(data))\n+\n+ return data + pad\n+\n+ def _CreateHeader(self):\n+ \"\"\"Create a pre load header\"\"\"\n+ hash_name, sign_name = self.algo_name.split(',')\n+ padding_name = self.padding_name\n+ key_name = os.path.join(self.key_path, self.key_name)\n+\n+ if sign_name in RSAS:\n+ return self._CreateHeaderRsa(hash_name, sign_name, padding_name, key_name)\n+\n+ if sign_name in ECDSAS:\n+ return self._CreateHeaderEcdsa(hash_name, sign_name, key_name)\n+\n+ self.Raise(sign_name + \" is not supported\")\n+\n def ObtainContents(self):\n \"\"\"Obtain a placeholder for the header contents\"\"\"\n # wait that the image is available\ndiff --git a/tools/binman/ftest.py b/tools/binman/ftest.py\nindex ca5149ee654..bc0fc05a36d 100644\n--- a/tools/binman/ftest.py\n+++ b/tools/binman/ftest.py\n@@ -5895,6 +5895,56 @@ fdt fdtmap Extract the devicetree blob from the fdtmap\n data = self._DoReadFileDtb('security/pre_load_invalid_key.dts',\n entry_args=entry_args)\n \n+ def testPreLoadEcdsa(self):\n+ \"\"\"Test an image with a pre-load header using ecdsa key\"\"\"\n+ entry_args = {\n+ 'pre-load-key-path': os.path.join(self._binman_dir, 'test'),\n+ }\n+ data = self._DoReadFileDtb(\n+ 'security/pre_load_ecdsa.dts', entry_args=entry_args,\n+ extra_indirs=[os.path.join(self._binman_dir, 'test')])[0]\n+\n+ image_fname = tools.get_output_filename('image.bin')\n+ is_signed = self._CheckPreload(image_fname, self.TestFile(\"ecdsa521.pem\"), \"sha256,ecdsa521\")\n+\n+ self.assertEqual(PRE_LOAD_MAGIC, data[:len(PRE_LOAD_MAGIC)])\n+ self.assertEqual(PRE_LOAD_VERSION, data[4:4 + len(PRE_LOAD_VERSION)])\n+ self.assertEqual(PRE_LOAD_HDR_SIZE, data[8:8 + len(PRE_LOAD_HDR_SIZE)])\n+ self.assertEqual(is_signed, True)\n+\n+ def testPreLoadEcdsaInvalidSha(self):\n+ \"\"\"Test an image with a pre-load ecdsa header with an invalid hash\"\"\"\n+ entry_args = {\n+ 'pre-load-key-path': os.path.join(self._binman_dir, 'test'),\n+ }\n+ with self.assertRaises(ValueError) as exc:\n+ self._DoReadFileDtb('security/pre_load_ecdsa_invalid_sha.dts',\n+ entry_args=entry_args)\n+ self.assertIn(\"/binman/pre-load': sha2560 is not supported\",\n+ str(exc.exception))\n+\n+ def testPreLoadEcdsaInvalidAlgo(self):\n+ \"\"\"Test an image with a pre-load header with an invalid algo\"\"\"\n+ entry_args = {\n+ 'pre-load-key-path': os.path.join(self._binman_dir, 'test'),\n+ }\n+ with self.assertRaises(ValueError) as exc:\n+ data = self._DoReadFileDtb('security/pre_load_ecdsa_invalid_algo.dts',\n+ entry_args=entry_args)\n+ self.assertIn(\"Node '/binman/pre-load': ecdsa5210 is not supported\",\n+ str(exc.exception))\n+\n+ def testPreLoadEcdsaInvalidKey(self):\n+ \"\"\"Test an image with a pre-load header with an invalid key size\"\"\"\n+ entry_args = {\n+ 'pre-load-key-path': os.path.join(self._binman_dir, 'test'),\n+ }\n+ with self.assertRaises(ValueError) as exc:\n+ data = self._DoReadFileDtb('security/pre_load_ecdsa_invalid_key.dts',\n+ entry_args=entry_args)\n+ self.assertIn(\"Node '/binman/pre-load': The key ecdsa521.pem don't have the expected size\",\n+ str(exc.exception))\n+\n def _CheckSafeUniqueNames(self, *images):\n \"\"\"Check all entries of given images for unsafe unique names\"\"\"\n for image in images:\ndiff --git a/tools/binman/test/ecdsa521.pem b/tools/binman/test/ecdsa521.pem\nnew file mode 100644\nindex 00000000000..ac1904d3955\n--- /dev/null\n+++ b/tools/binman/test/ecdsa521.pem\n@@ -0,0 +1,7 @@\n+-----BEGIN EC PRIVATE KEY-----\n+MIHcAgEBBEIBM+CNnraGci2/mw1wPq44l2HccHnoBbdP3DiU6zqsBOq8IR8uegz2\n+FLzWsjxcW7hwROCdEm6tW99wqsyPE25RZ3egBwYFK4EEACOhgYkDgYYABABu5bWV\n+aQ4EgnXFjojX9df3gBEBipphEEFAoG87GuoWBdlimFC8UEEXiKNU37w0wlJn4bG0\n+8uOKwDqBk3uF+DrmZwB45lCSKkjdRWsJeDt+iEuFe2O/mbXoL4p5D8MM2OsDV5GT\n+srUbxhXq+T/i5lV7XXm2+tT/7zU8ZQce6WRufbd9KQ==\n+-----END EC PRIVATE KEY-----\ndiff --git a/tools/binman/test/security/pre_load_ecdsa.dts b/tools/binman/test/security/pre_load_ecdsa.dts\nnew file mode 100644\nindex 00000000000..247b85aad4c\n--- /dev/null\n+++ b/tools/binman/test/security/pre_load_ecdsa.dts\n@@ -0,0 +1,22 @@\n+// SPDX-License-Identifier: GPL-2.0+\n+\n+/dts-v1/;\n+\n+/ {\n+\t#address-cells = <1>;\n+\t#size-cells = <1>;\n+\n+\tbinman {\n+\t\tpre-load {\n+\t\t\tcontent = <&image>;\n+\t\t\talgo-name = \"sha256,ecdsa521\";\n+\t\t\tkey-name = \"ecdsa521.pem\";\n+\t\t\theader-size = <4096>;\n+\t\t\tversion = <0x11223344>;\n+\t\t};\n+\n+\t\timage: blob-ext {\n+\t\t\tfilename = \"refcode.bin\";\n+\t\t};\n+\t};\n+};\ndiff --git a/tools/binman/test/security/pre_load_ecdsa_invalid_algo.dts b/tools/binman/test/security/pre_load_ecdsa_invalid_algo.dts\nnew file mode 100644\nindex 00000000000..be71edbbdcd\n--- /dev/null\n+++ b/tools/binman/test/security/pre_load_ecdsa_invalid_algo.dts\n@@ -0,0 +1,22 @@\n+// SPDX-License-Identifier: GPL-2.0+\n+\n+/dts-v1/;\n+\n+/ {\n+\t#address-cells = <1>;\n+\t#size-cells = <1>;\n+\n+\tbinman {\n+\t\tpre-load {\n+\t\t\tcontent = <&image>;\n+\t\t\talgo-name = \"sha256,ecdsa5210\";\n+\t\t\tkey-name = \"ecdsa521.pem\";\n+\t\t\theader-size = <4096>;\n+\t\t\tversion = <0x11223344>;\n+\t\t};\n+\n+\t\timage: blob-ext {\n+\t\t\tfilename = \"refcode.bin\";\n+\t\t};\n+\t};\n+};\ndiff --git a/tools/binman/test/security/pre_load_ecdsa_invalid_key.dts b/tools/binman/test/security/pre_load_ecdsa_invalid_key.dts\nnew file mode 100644\nindex 00000000000..15d71cf0324\n--- /dev/null\n+++ b/tools/binman/test/security/pre_load_ecdsa_invalid_key.dts\n@@ -0,0 +1,22 @@\n+// SPDX-License-Identifier: GPL-2.0+\n+\n+/dts-v1/;\n+\n+/ {\n+\t#address-cells = <1>;\n+\t#size-cells = <1>;\n+\n+\tbinman {\n+\t\tpre-load {\n+\t\t\tcontent = <&image>;\n+\t\t\talgo-name = \"sha256,ecdsa384\";\n+\t\t\tkey-name = \"ecdsa521.pem\";\n+\t\t\theader-size = <4096>;\n+\t\t\tversion = <0x11223344>;\n+\t\t};\n+\n+\t\timage: blob-ext {\n+\t\t\tfilename = \"refcode.bin\";\n+\t\t};\n+\t};\n+};\ndiff --git a/tools/binman/test/security/pre_load_ecdsa_invalid_sha.dts b/tools/binman/test/security/pre_load_ecdsa_invalid_sha.dts\nnew file mode 100644\nindex 00000000000..1017707375e\n--- /dev/null\n+++ b/tools/binman/test/security/pre_load_ecdsa_invalid_sha.dts\n@@ -0,0 +1,22 @@\n+// SPDX-License-Identifier: GPL-2.0+\n+\n+/dts-v1/;\n+\n+/ {\n+\t#address-cells = <1>;\n+\t#size-cells = <1>;\n+\n+\tbinman {\n+\t\tpre-load {\n+\t\t\tcontent = <&image>;\n+\t\t\talgo-name = \"sha2560,ecdsa521\";\n+\t\t\tkey-name = \"ecdsa521.pem\";\n+\t\t\theader-size = <4096>;\n+\t\t\tversion = <0x11223344>;\n+\t\t};\n+\n+\t\timage: blob-ext {\n+\t\t\tfilename = \"refcode.bin\";\n+\t\t};\n+\t};\n+};\n", "prefixes": [ "v4", "10/14" ] }