{"id":2224477,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2224477/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/patch/20260417130204.49896-12-philippe.reynes@softathome.com/","project":{"id":18,"url":"http://patchwork.ozlabs.org/api/1.2/projects/18/?format=json","name":"U-Boot","link_name":"uboot","list_id":"u-boot.lists.denx.de","list_email":"u-boot@lists.denx.de","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260417130204.49896-12-philippe.reynes@softathome.com>","list_archive_url":null,"date":"2026-04-17T13:02:01","name":"[v4,11/14] boot: pre-load: add support of ecdsa","commit_ref":null,"pull_url":null,"state":"superseded","archived":false,"hash":"9cf49bfa80a624875fba37977f0375f6fbf55d70","submitter":{"id":74351,"url":"http://patchwork.ozlabs.org/api/1.2/people/74351/?format=json","name":"Philippe Reynes","email":"philippe.reynes@softathome.com"},"delegate":{"id":161313,"url":"http://patchwork.ozlabs.org/api/1.2/users/161313/?format=json","username":"raymo200915","first_name":"Raymond","last_name":"Mao","email":"raymondmaoca@gmail.com"},"mbox":"http://patchwork.ozlabs.org/project/uboot/patch/20260417130204.49896-12-philippe.reynes@softathome.com/mbox/","series":[{"id":500332,"url":"http://patchwork.ozlabs.org/api/1.2/series/500332/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/list/?series=500332","date":"2026-04-17T13:02:04","name":"add software ecdsa support","version":4,"mbox":"http://patchwork.ozlabs.org/series/500332/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2224477/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2224477/checks/","tags":{},"related":[],"headers":{"Return-Path":"<u-boot-bounces@lists.denx.de>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com\n header.b=pjRmfIgD;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=none (p=none dis=none) header.from=softathome.com","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.b=\"pjRmfIgD\";\n\tdkim-atps=neutral","phobos.denx.de; dmarc=none (p=none dis=none)\n header.from=softathome.com","phobos.denx.de;\n spf=pass smtp.mailfrom=philippe.reynes@softathome.com"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fxw5n13T1z1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 17 Apr 2026 23:02:37 +1000 (AEST)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 063ED84297;\n\tFri, 17 Apr 2026 15:02:18 +0200 (CEST)","by phobos.denx.de (Postfix, from userid 109)\n id 049D084310; Fri, 17 Apr 2026 15:02:17 +0200 (CEST)","from PA5P264CU001.outbound.protection.outlook.com\n (mail-francecentralazlp170100000.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c20a::])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 041A984297\n for <u-boot@lists.denx.de>; Fri, 17 Apr 2026 15:02:13 +0200 (CEST)","from PA7P264CA0513.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:3da::24)\n by PR0P264MB2773.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:1d0::8) with\n Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9818.25; Fri, 17 Apr\n 2026 13:02:10 +0000","from PA3PEPF000089B8.FRAP264.PROD.OUTLOOK.COM\n (2603:10a6:102:3da:cafe::6) by PA7P264CA0513.outlook.office365.com\n (2603:10a6:102:3da::24) with Microsoft SMTP Server (version=TLS1_3,\n cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.52 via Frontend Transport; Fri,\n 17 Apr 2026 13:02:10 +0000","from proxy.softathome.com (149.6.166.170) by\n PA3PEPF000089B8.mail.protection.outlook.com (10.167.242.20) with Microsoft\n SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9769.17\n via Frontend Transport; Fri, 17 Apr 2026 13:02:10 +0000","from sah1lpt726.home (unknown [192.168.72.39])\n by proxy.softathome.com (Postfix) with ESMTPSA id 8232220AC1;\n Fri, 17 Apr 2026 15:02:10 +0200 (CEST)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS autolearn=ham\n autolearn_force=no version=3.4.2","ARC-Seal":"i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=hjq49x6UNa1JMlymXIWzZ9C2Q8qxGIE0U8n4I1YXw6+F/7t4Xx9agRQD0OzxkxIFhvutLu89GROn2t8UwxyO9dICpXBR1CXh585N7gIyzy6J0RJcFZboEkEpexvXnW7gdzh9Z8HMQsLq25RqxpVqKSoKPMiUuc9xsGNwcuPt0aIoicAbmn0MgRR543Od+cUdMVlU9PFoNqGRs6LAq4CnbuhiLMc8WJgjIRnSqhs1Kr84Iegrbg774+2ZG17zFciMVluKXQ06TvN8TF/RiOdKjqYKgs1gRr4ha6O8rNxDd7+8pyVzDWVaw/qshb7TDgX2aHbO4SMxkSDr8+XIsOGT3w==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=vL61mFZcXUwPeXL8UYtu8gOuiyvgKCqJCamFOWv7wlk=;\n b=x+95CMX0MbFLw3WxUQCmyT0cjEu7NhFQ6RAJ0dzFDg5Rpy1sJQ+m9+OgWG4CQL8564sWcUE5aHLFq9s84OGQnVdZ+Dn2j1AYb6+XCKnfV/ECNOULnIaut1/yzwTBkVY5iQ0nenv/q4jMms3+grjhgtQRRJZXEiL16CETSAaYXl0U/X9wevWdWnGVgBAe/E/MicuIXJP3zwf8m9qRb7mAQocQ4Hy0n3Z+PLs/4jPEgo0MDPP5GctI1AANWGHzqKPyM1GSYQhnRzBBOHaU5VyeqWNylbRAqfgq/7oVxAUtDzmYZWQRZ9I8aT981FgohiywVvJFzmhFxta6smH6Mgk3gg==","ARC-Authentication-Results":"i=1; mx.microsoft.com 1; spf=pass (sender ip is\n 149.6.166.170) smtp.rcpttodomain=canonical.com smtp.mailfrom=softathome.com;\n dmarc=bestguesspass action=none header.from=softathome.com; dkim=none\n (message not signed); arc=none (0)","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=vL61mFZcXUwPeXL8UYtu8gOuiyvgKCqJCamFOWv7wlk=;\n b=pjRmfIgD5RqqFZXF8zyxUTJUY8xyOLdeSy7fQ9FPtUMavwvC2P285yr+eTk0j4RhXmw8bsjZqjZ9s3oKFpMWwjzr6jg65L08o3DTwKfLymV8bJsZ7yS77RFm6fg5C2NTzTLmzTdHOu6X4KxdbMvqfDCUgOx3F030fTe30a4BMH1bJmf+WNYRBgTqmwoPHC3xSAfRinJfY/ICjstvq0Z4EoKp6GxBd4mGDDkTkb35n1dYUeAc5k6o7t0wncBEhlG1ni9221gSRb+8IHeQcwKNW2VBYDtQXb7RSqZcsSBeMtewFpMf6n59dmO06/5moH+IE7UeTRM3fVnsdj10g/0hjQ==","X-MS-Exchange-Authentication-Results":"spf=pass (sender IP is 149.6.166.170)\n smtp.mailfrom=softathome.com; dkim=none (message not signed)\n header.d=none;dmarc=bestguesspass action=none header.from=softathome.com;","Received-SPF":"Pass (protection.outlook.com: domain of softathome.com\n designates 149.6.166.170 as permitted sender)\n receiver=protection.outlook.com; client-ip=149.6.166.170;\n helo=proxy.softathome.com; pr=C","From":"Philippe Reynes <philippe.reynes@softathome.com>","To":"marko.makela@iki.fi, jonny.green@keytechinc.com, raymondmaoca@gmail.com,\n trini@konsulko.com, simon.glass@canonical.com","Cc":"u-boot@lists.denx.de,\n\tPhilippe Reynes <philippe.reynes@softathome.com>","Subject":"[PATCH v4 11/14] boot: pre-load: add support of ecdsa","Date":"Fri, 17 Apr 2026 15:02:01 +0200","Message-ID":"<20260417130204.49896-12-philippe.reynes@softathome.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260417130204.49896-1-philippe.reynes@softathome.com>","References":"<20260417130204.49896-1-philippe.reynes@softathome.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-EOPAttributedMessage":"0","X-MS-PublicTrafficType":"Email","X-MS-TrafficTypeDiagnostic":"PA3PEPF000089B8:EE_|PR0P264MB2773:EE_","Content-Type":"text/plain","X-MS-Office365-Filtering-Correlation-Id":"d83fc168-469c-4881-a687-08de9c8189a1","X-MS-Exchange-SenderADCheck":"1","X-MS-Exchange-AntiSpam-Relay":"0","X-Microsoft-Antispam":"BCL:0;\n ARA:13230040|36860700016|82310400026|376014|1800799024|22082099003|56012099003|18002099003;","X-Microsoft-Antispam-Message-Info":"\n SrOHxEisRqjKWCJ3qusRxxEyurbxmaY1DAt9MGLgGN4eVyhYPpv7bOOl4FKqhvR0RqXJnOMAMwraJ227OsNsTdl3kmZSmkHoFVDMrkybyZ6DciK7xxuUlIMGZF/MZZ+g+noY13mKf2O7OOLIwI/LGj0+vtfxnBSlLrH7mcRZ3bSz0aThCrwE7VWZCOALIDpfGvRJMpZUsnE4LpAjRqEkMZ3G6Dv81gbgr/hxES+Kt/Yi/VO4cMK4U+axQP5GhFJc9XBUId8P4jFp4O3paNVtW6wENPC0lyW4l4EOxBmFZMyLWB5s1XhdvOAR3HBGI8lgRakJLAK2cw445KHWGGgEJ3xAUJgcDIyUoDDy6BpMMUShhfBgJhHmCzMUhyxTKakeCeZUKzvyQZKUw7nh1pOFKjScWZs4W0ibLdrA00D7K30FdMQYWBI+QqjH1a5x3p8X07g37uUgXFdMtVGWR2nqL1iKhEHStnODeQx3tcxuX8SnKkPfnAbUhukwV8xnY8qbVZi8FQl9+f5FOhon2RzweY9iouB47YGUTpFlurcwxmcQBZuw9bVUuNnsoG4pcNHu3okNi12F9wRSn4Bn/E+1ncSUXsvTtRec7DdJQhCC5J2x0pUh6tonjRjUx9vrgiBiWdi6e/gClyn+tJWpU2EVu6qtZ1CeMTsRtebISVeiujzPoTCKJhHD6STTZfJ98Y43JG25aa6yjQNqVCvKtFizy1nUhAS0+PHwde8/jTJKPFDRCAKq1ih8sKcQx15r0UaXyEof5yUjfC8nPd5jDDrWbQ==","X-Forefront-Antispam-Report":"CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:;\n IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent;\n CAT:NONE;\n SFS:(13230040)(36860700016)(82310400026)(376014)(1800799024)(22082099003)(56012099003)(18002099003);\n DIR:OUT; SFP:1101;","X-MS-Exchange-AntiSpam-MessageData-ChunkCount":"1","X-MS-Exchange-AntiSpam-MessageData-0":"\n j0GvflSWt1YjfW9TqITU00QUKmY2/ndij5uFH0uLr53w3FUZgwLr6rBstO8kXwVL+w5mMDoOhbqeu/Y22GakwWknkNDIBH4oeTQ9mpuaMG/F9mPmYCyvPNpd8I2ir9KtAuPFLTSo4DUkG3flVPxXf9FC80TKiV539HVpHVJdHH2bjcRQA+5EM8FyfMvi4uGvCSXQoyd02byV4lAvELqqnRQL47psrQthgrxzOPWNQ6IGRD1YTn9z+hjbcfXsbc7b3eE18PC1VFji0yGHTy/O3vbhnN0bGsGjMRAhDfh/Zbq9PVXhfw884Mxsx+2cXnLX9ZPvK1FMN5FSvfKcNAoeM2sYcbRNWm4zCZA5UNsYi9I0yc20Iu/derLDd2dbqE1qnJXq6Nx2N6FyVjKIdqkwq7iSfzdhmJDj97EWg9OymDUGhrl2T49194aOyfdLdqz1","X-OriginatorOrg":"softathome.com","X-MS-Exchange-CrossTenant-OriginalArrivalTime":"17 Apr 2026 13:02:10.6455 (UTC)","X-MS-Exchange-CrossTenant-Network-Message-Id":"\n d83fc168-469c-4881-a687-08de9c8189a1","X-MS-Exchange-CrossTenant-Id":"aa10e044-e405-4c10-8353-36b4d0cce511","X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp":"\n TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170];\n Helo=[proxy.softathome.com]","X-MS-Exchange-CrossTenant-AuthSource":"PA3PEPF000089B8.FRAP264.PROD.OUTLOOK.COM","X-MS-Exchange-CrossTenant-AuthAs":"Anonymous","X-MS-Exchange-CrossTenant-FromEntityHeader":"HybridOnPrem","X-MS-Exchange-Transport-CrossTenantHeadersStamped":"PR0P264MB2773","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion <u-boot.lists.denx.de>","List-Unsubscribe":"<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>","List-Archive":"<https://lists.denx.de/pipermail/u-boot/>","List-Post":"<mailto:u-boot@lists.denx.de>","List-Help":"<mailto:u-boot-request@lists.denx.de?subject=help>","List-Subscribe":"<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" <u-boot-bounces@lists.denx.de>","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"},"content":"Right now, u-boot can only boot image with a\npre-load header with rsa. We add the support\nof ecdsa.\n\nSigned-off-by: Philippe Reynes <philippe.reynes@softathome.com>\n---\nv3:\n- initial version\nv4:\n- avoid calling image_get_crypto_algo several times\n\n\n boot/image-pre-load.c | 56 ++++++++++++++++++++++++++++++++++---------\n 1 file changed, 45 insertions(+), 11 deletions(-)","diff":"diff --git a/boot/image-pre-load.c b/boot/image-pre-load.c\nindex 2f851ebb28c..8298471cd50 100644\n--- a/boot/image-pre-load.c\n+++ b/boot/image-pre-load.c\n@@ -70,6 +70,17 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)\n \treturn 0;\n }\n #else\n+\n+static int is_ecdsa(struct crypto_algo *crypto)\n+{\n+\tint ret = 0;\n+\n+\tif (crypto && !strncmp(crypto->name, \"ecdsa\", strlen(\"ecdsa\")))\n+\t\tret = 1;\n+\n+\treturn ret;\n+}\n+\n /*\n  * This function gathers information about the signature check\n  * that could be done before launching the image.\n@@ -86,6 +97,7 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)\n \tint key_len;\n \tint node, ret = 0;\n \tchar *sig_info_path = NULL;\n+\tstruct crypto_algo *crypto;\n \n \tif (!info) {\n \t\tlog_err(\"ERROR: info is NULL for image pre-load sig check\\n\");\n@@ -114,11 +126,24 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)\n \t\tgoto out;\n \t}\n \n-\tpadding_name = fdt_getprop(gd_fdt_blob(), node,\n-\t\t\t\t   IMAGE_PRE_LOAD_PROP_PADDING_NAME, NULL);\n-\tif (!padding_name) {\n-\t\tlog_info(\"INFO: no padding_name provided, so using pkcs-1.5\\n\");\n-\t\tpadding_name = \"pkcs-1.5\";\n+\tcrypto = image_get_crypto_algo(algo_name);\n+\tif (!crypto) {\n+\t\tprintf(\"ERROR: can't find a valid crypto algo from %s\\n\",\n+\t\t       (char *)algo_name);\n+\t\tret = -EINVAL;\n+\t\tgoto out;\n+\t}\n+\n+\tif (is_ecdsa(crypto)) {\n+\t\tpadding_name = NULL;\n+\t} else {\n+\t\tpadding_name = fdt_getprop(gd_fdt_blob(), node,\n+\t\t\t\t\t   IMAGE_PRE_LOAD_PROP_PADDING_NAME,\n+\t\t\t\t\t   NULL);\n+\t\tif (!padding_name) {\n+\t\t\tlog_info(\"INFO: no padding_name provided, so using pkcs-1.5\\n\");\n+\t\t\tpadding_name = \"pkcs-1.5\";\n+\t\t}\n \t}\n \n \tsig_size = fdt_getprop(gd_fdt_blob(), node,\n@@ -129,12 +154,17 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)\n \t\tgoto out;\n \t}\n \n-\tkey = fdt_getprop(gd_fdt_blob(), node,\n-\t\t\t  IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len);\n-\tif (!key) {\n-\t\tlog_err(\"ERROR: no key for image pre-load sig check\\n\");\n-\t\tret = -EINVAL;\n-\t\tgoto out;\n+\tif (is_ecdsa(crypto)) {\n+\t\tkey = NULL;\n+\t\tkey_len = 0;\n+\t} else {\n+\t\tkey = fdt_getprop(gd_fdt_blob(), node,\n+\t\t\t\t  IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len);\n+\t\tif (!key) {\n+\t\t\tlog_err(\"ERROR: no key for image pre-load sig check\\n\");\n+\t\t\tret = -EINVAL;\n+\t\t\tgoto out;\n+\t\t}\n \t}\n \n \tinfo->algo_name\t\t= (char *)algo_name;\n@@ -155,6 +185,10 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)\n \tinfo->sig_info.crypto   = image_get_crypto_algo(info->sig_info.name);\n \tinfo->sig_info.key      = info->key;\n \tinfo->sig_info.keylen   = info->key_len;\n+\tif (is_ecdsa(crypto)) {\n+\t\tinfo->sig_info.required_keynode = node;\n+\t\tinfo->sig_info.fdt_blob = gd_fdt_blob();\n+\t}\n \n  out:\n \treturn ret;\n","prefixes":["v4","11/14"]}