From patchwork Wed Dec  7 19:24:26 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Marek Vasut <marex@denx.de>
X-Patchwork-Id: 1713429
X-Patchwork-Delegate: patrice.chotard@st.com
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de
 (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;
 envelope-from=u-boot-bounces@lists.denx.de; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 unprotected) header.d=denx.de header.i=@denx.de header.a=rsa-sha256
 header.s=phobos-20191101 header.b=PBYp4979;
	dkim=pass (2048-bit key) header.d=denx.de header.i=@denx.de
 header.a=rsa-sha256 header.s=phobos-20191101 header.b=QSdV+gsu;
	dkim-atps=neutral
Received: from phobos.denx.de (phobos.denx.de
 [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4NS6h83T9mz23pB
	for <incoming@patchwork.ozlabs.org>; Thu,  8 Dec 2022 06:25:44 +1100 (AEDT)
Received: from h2850616.stratoserver.net (localhost [IPv6:::1])
	by phobos.denx.de (Postfix) with ESMTP id 394FD84480;
	Wed,  7 Dec 2022 20:25:03 +0100 (CET)
Authentication-Results: phobos.denx.de;
 dmarc=none (p=none dis=none) header.from=denx.de
Authentication-Results: phobos.denx.de;
 spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=denx.de;
	s=phobos-20191101; t=1670441103;
	bh=pP3Rfrmp9KqXqEuGL68RogSbBiCMnrcqDtVQhr5VaHs=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:List-Id:
	 List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
	 From;
	b=PBYp4979IVCglmEdXcxv9rCdS5qwr+TyGvqsiK0IZW/xIJhWOO1ch3OAWVDrc9V06
	 g4c2pUf+Xv3bisvPvanEsw3NrwwBc4voBOeXqwewFcFZUYuDGWSWADavJDg16VDx0q
	 htJgTS4aTdQj9+t9VHGrpbIqxNHb+vk7l4/OwuU//suxIVpOICYcKA589AObKZVUta
	 qUAPu2ZPS8quNgAG/4Wx01NKm0l+FbopOtFAf8hvNfcmS3TuXukDhxx9ylry24kLfe
	 KWcLJehDvUsqWkpHw2nOf0gzaNJHXW2JZVG7A98eLR7t72cktkHO+BRz6apkfV33BB
	 i7PKncR/0Il7A==
Received: from tr.lan (ip-86-49-120-218.bb.vodafone.cz [86.49.120.218])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (No client certificate requested)
 (Authenticated sender: marex@denx.de)
 by phobos.denx.de (Postfix) with ESMTPSA id 6A471833E8;
 Wed,  7 Dec 2022 20:24:49 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=denx.de;
 s=phobos-20191101; t=1670441089;
 bh=pP3Rfrmp9KqXqEuGL68RogSbBiCMnrcqDtVQhr5VaHs=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
 b=QSdV+gsuHprNh9FXcYweO4KyILt7NWbL9RlnxEH+Ui7Ao+/uth09IlyZQa+yL/T6Z
 qdd7/rC1YTkaHyxt+SAFHMyml52NovSj5LYV4CkxbzCKzgJXrRIcBycqifAb65pak6
 Y46D1RdsZ31OM/ubp+E76LDlQ4q8tbO6oxG1mJwYYUyr0yt1vKoamtI567S8WvhgZB
 TL2Cdcg12L98omJpuCNRMs9HxLJepH3yTrWSyNOrIMFyoCZvIBxIXxOdbBtn7R98mP
 cA7yGA8GqPL7hDq2zm3RXOpiCXEWbdzZZ4AEug2s55azLC6CcI5ZPEDPaJ5oKyuxqd
 0B3LdniYNsuLQ==
From: Marek Vasut <marex@denx.de>
To: u-boot@lists.denx.de
Cc: Marek Vasut <marex@denx.de>,
 Patrice Chotard <patrice.chotard@foss.st.com>,
 Patrick Delaunay <patrick.delaunay@foss.st.com>,
 Alexandru Gagniuc <mr.nuke.me@gmail.com>
Subject: [PATCH v3 4/4] ARM: stm32: Make ECDSA authentication available to
 U-Boot
Date: Wed,  7 Dec 2022 20:24:26 +0100
Message-Id: <20221207192426.45591-4-marex@denx.de>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20221207192426.45591-1-marex@denx.de>
References: <20221207192426.45591-1-marex@denx.de>
MIME-Version: 1.0
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <https://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>
X-Virus-Scanned: clamav-milter 0.103.6 at phobos.denx.de
X-Virus-Status: Clean

With U-Boot having access to ROM API call table, it is possible to use
the ROM API call it authenticate e.g. signed kernel fitImages using the
BootROM ECDSA support. Make this available by pulling the ECDSA BootROM
call support from SPL-only guard.

Reviewed-by: Patrice Chotard <patrice.chotard@foss.st.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
Signed-off-by: Marek Vasut <marex@denx.de>
---
Cc: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Cc: Patrice Chotard <patrice.chotard@foss.st.com>
Cc: Patrick Delaunay <patrick.delaunay@foss.st.com>
---
V2: Add RB from Patrice and Patrick
V3: No change
---
 arch/arm/mach-stm32mp/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/mach-stm32mp/Makefile b/arch/arm/mach-stm32mp/Makefile
index 1db9057e049..a19b2797c8b 100644
--- a/arch/arm/mach-stm32mp/Makefile
+++ b/arch/arm/mach-stm32mp/Makefile
@@ -11,10 +11,10 @@ obj-y += bsec.o
 obj-$(CONFIG_STM32MP13x) += stm32mp13x.o
 obj-$(CONFIG_STM32MP15x) += stm32mp15x.o
 
+obj-$(CONFIG_STM32_ECDSA_VERIFY) += ecdsa_romapi.o
 ifdef CONFIG_SPL_BUILD
 obj-y += spl.o
 obj-y += tzc400.o
-obj-$(CONFIG_STM32_ECDSA_VERIFY) += ecdsa_romapi.o
 else
 obj-y += cmd_stm32prog/
 obj-$(CONFIG_CMD_STM32KEY) += cmd_stm32key.o