{"id":2225957,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2225957/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/patch/20260421210954.1170437-14-philippe.reynes@softathome.com/","project":{"id":18,"url":"http://patchwork.ozlabs.org/api/1.2/projects/18/?format=json","name":"U-Boot","link_name":"uboot","list_id":"u-boot.lists.denx.de","list_email":"u-boot@lists.denx.de","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260421210954.1170437-14-philippe.reynes@softathome.com>","list_archive_url":null,"date":"2026-04-21T21:09:52","name":"[v5,13/15] tools: preload_check_sign: add support of ecdsa","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"a6e69ad08e806b52dd8b6a1c7a05518adec4e20f","submitter":{"id":74351,"url":"http://patchwork.ozlabs.org/api/1.2/people/74351/?format=json","name":"Philippe Reynes","email":"philippe.reynes@softathome.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/uboot/patch/20260421210954.1170437-14-philippe.reynes@softathome.com/mbox/","series":[{"id":500895,"url":"http://patchwork.ozlabs.org/api/1.2/series/500895/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/list/?series=500895","date":"2026-04-21T21:09:51","name":"add software ecdsa support","version":5,"mbox":"http://patchwork.ozlabs.org/series/500895/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2225957/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2225957/checks/","tags":{},"related":[],"headers":{"Return-Path":"<u-boot-bounces@lists.denx.de>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com\n header.b=G4srwqH2;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=none (p=none dis=none) header.from=softathome.com","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.b=\"G4srwqH2\";\n\tdkim-atps=neutral","phobos.denx.de; dmarc=none (p=none dis=none)\n header.from=softathome.com","phobos.denx.de;\n spf=pass smtp.mailfrom=philippe.reynes@softathome.com"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0ZmY4Tm0z1yGs\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 07:11:57 +1000 (AEST)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id 8567784372;\n\tTue, 21 Apr 2026 23:10:29 +0200 (CEST)","by phobos.denx.de (Postfix, from userid 109)\n id 1C510842BF; Tue, 21 Apr 2026 23:10:21 +0200 (CEST)","from MRZP264CU002.outbound.protection.outlook.com\n (mail-francesouthazlp170100001.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c207::1])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 0BB5F84312\n for <u-boot@lists.denx.de>; Tue, 21 Apr 2026 23:10:02 +0200 (CEST)","from PA7P264CA0025.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:2df::12)\n by PAZP264MB2880.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:1e5::13)\n with Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9846.16; Tue, 21 Apr\n 2026 21:09:58 +0000","from PA1PEPF000CC3F9.FRAP264.PROD.OUTLOOK.COM\n (2603:10a6:102:2df:cafe::2b) by PA7P264CA0025.outlook.office365.com\n (2603:10a6:102:2df::12) with Microsoft SMTP Server (version=TLS1_3,\n cipher=TLS_AES_256_GCM_SHA384) id 15.20.9791.48 via Frontend Transport; Tue,\n 21 Apr 2026 21:09:58 +0000","from proxy.softathome.com (149.6.166.170) by\n PA1PEPF000CC3F9.mail.protection.outlook.com (10.167.242.4) with Microsoft\n SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9846.18\n via Frontend Transport; Tue, 21 Apr 2026 21:09:58 +0000","from sah1lpt726.softathome.com (unknown [192.168.72.32])\n by proxy.softathome.com (Postfix) with ESMTPSA id 17ABF20EC2;\n Tue, 21 Apr 2026 23:09:58 +0200 (CEST)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS autolearn=ham\n autolearn_force=no version=3.4.2","ARC-Seal":"i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=PGHe3TNhf2WLbKervcEzkzhaVgQtNrdEr5AnX+XpnZ3TW1zDNdRH12Kd+3dqh4WBqUZHf4telI2s+2m+wdGfNWrS5R3Dgcg7LYlXfkujc8bDyX8oZEy9UX4lZAy6EQbSRrl0k8u55rYAtAG6gKcrc+IDZqBuwEzDn3IM4PXKUeCQVBC8aVOKLo1c+p97vvCNk8hlehKu3i1PV0algf7Tm81j4MzfQ8xRGjYAj+4ZlZVgucM3yYOPTYRJh+yzTPM/zvWAtCVg88vPBepiytRKLX/GjS1SjfHX8W42bSww5Xv9TveKOup4Uu6tyZfdxqqsKTbBFrmQ3YQH9cmEWFGkXg==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=Dr/RJDlIwOgbzo2FuG2y32m9/VNZMixg3oZwyteZxBI=;\n b=ntERADwf5OMUlFfP4J8VhxChdfcghPXuWouMBfNru+l9l14lU8Dnl6d6q6GRSfRNWy7soBtlj96NzY9GKFpOEnfkgsYwA3Gt9aCekD4Fxu4c6AuxNL6nAt+9y3ihZbz0wXvmKB6GFybIU3FCgdGsakbgzrZfWYdwcB8OS1OAWHsY7JLOeAtYNpim7EwKVtuFmbP/JRMauUaYNB6MzEdIcOcDUcEMEbJaNtpsk17O+WfY1IbDz2vjYj5T7+B+REz1Tpr1gQT3Nf8GYX5VPjFaho4DIGPt9kn5zeVKTIOwtY1ntCaVeMezVT73bgHQ1121WPpFzA06hF/dfU9L/AeQKA==","ARC-Authentication-Results":"i=1; mx.microsoft.com 1; spf=pass (sender ip is\n 149.6.166.170) smtp.rcpttodomain=canonical.com smtp.mailfrom=softathome.com;\n dmarc=bestguesspass action=none header.from=softathome.com; dkim=none\n (message not signed); arc=none (0)","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=Dr/RJDlIwOgbzo2FuG2y32m9/VNZMixg3oZwyteZxBI=;\n b=G4srwqH2mwq/LMdfejGbAcQi+9adu9+bBZTunANg1fTsEYBDWQ/Ngpi7buYTpKyePgBrze6Y2KKGKrHFs3Oxt277hyKYR9LcEUkskIBNu3GZXII/Yhy9G0YE8nTqiVcY8lT28snEXiOvyVjoy9m8O700LY8LYibK4hqQTmfZu+01e0Sb3h8VWr4ffLuQfpH2ej9EvOmMeM8stu523rTuWEnOTStt8EtQBsC3KTSsRwuf4n96rY2RR6xBB8lrgHGJ31kMaK07fivsxwtIVu8I2cD3tYvdCnDEJctWnOh/1xqxw1CmPsGqHXVqLiXxNNMTyE7DAsNDMBv471Oez6AAHQ==","X-MS-Exchange-Authentication-Results":"spf=pass (sender IP is 149.6.166.170)\n smtp.mailfrom=softathome.com; dkim=none (message not signed)\n header.d=none;dmarc=bestguesspass action=none header.from=softathome.com;","Received-SPF":"Pass (protection.outlook.com: domain of softathome.com\n designates 149.6.166.170 as permitted sender)\n receiver=protection.outlook.com; client-ip=149.6.166.170;\n helo=proxy.softathome.com; pr=C","From":"Philippe Reynes <philippe.reynes@softathome.com>","To":"marko.makela@iki.fi, jonny.green@keytechinc.com, raymondmaoca@gmail.com,\n trini@konsulko.com, simon.glass@canonical.com","Cc":"u-boot@lists.denx.de, Philippe Reynes <philippe.reynes@softathome.com>,\n Simon Glass <sjg@chromium.org>","Subject":"[PATCH v5 13/15] tools: preload_check_sign: add support of ecdsa","Date":"Tue, 21 Apr 2026 23:09:52 +0200","Message-ID":"<20260421210954.1170437-14-philippe.reynes@softathome.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260421210954.1170437-1-philippe.reynes@softathome.com>","References":"<20260421210954.1170437-1-philippe.reynes@softathome.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-EOPAttributedMessage":"0","X-MS-PublicTrafficType":"Email","X-MS-TrafficTypeDiagnostic":"PA1PEPF000CC3F9:EE_|PAZP264MB2880:EE_","Content-Type":"text/plain","X-MS-Office365-Filtering-Correlation-Id":"d0bb8d74-fea4-4c69-d665-08de9fea581f","X-MS-Exchange-SenderADCheck":"1","X-MS-Exchange-AntiSpam-Relay":"0","X-Microsoft-Antispam":"BCL:0;\n ARA:13230040|36860700016|376014|82310400026|1800799024|18002099003|56012099003|22082099003;","X-Microsoft-Antispam-Message-Info":"\n kCVGRW9l/bYpEqM+DCw1DaW2CHVmgaH9Ob9YnLbqGRhrAsdUcNhgiNfv+Q8YpBNY8Ok34C3pJjTbtrW643VrHkM9+ZGGKIqL+8wy7BOAJMgS9c2Fqlo+6zalopgvmvk8V6jlUloGYOIoprMVKnphJtowg7zj4/ncWBnX1ta3qN0XeX276lVBsIOIBjGHTSGsoYnQYVsc3IHQ7p4x0DLVwrr476XnrdwqARbshZ1y5CZlTHiMctPm+nSJhQ+aciOPu5hCP4sRg+ZbGWoMQmD/5dg9ZlpXwYLEshTZWIx4AJEtwobap32dbAI5rO+cKZLMuLtpzFGUetT3nEXfNLj8Abrlwww1EqJuxHX61JcWq5C0Uh7+39OGF23qWwF+ZnRrIV9S7/6fszLNbkm/QSjTOv6m0AfTPQv+5E1j8JQxG6s5t1MC96IXP7YsIk9cd+1lXWzxi5E0GtWpnAS6b7hDPvksYs41NZa4GxCBdkRcVCPD16nZooS/5dNrVFRsxFBWnssyLqPQnrjPAfrqyq6WvuqbaJndEXCKrQWDGHePfwWmCiIshm12m5ynDnyH9Iyvi2U8JIYNTAjRH6ofoVeBMitWuUkFs/bTrhKnWHaBay1RKf4bsSJEIS7i6Ibl9oXvnLie0h6c5lw78ym44MNDOw/U9ey/r5WoAtg1awXPHj7rChEEP2/RQGTJ4FVfH5/EmJNVDkJIrY1QHxV/3pmPJBkuXwQcR+gOExttbhoz+RzECvFKRUezHmQoxzTz2ug4dTUGhPHE+0/oOBX2FMEu6w==","X-Forefront-Antispam-Report":"CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:;\n IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent;\n CAT:NONE;\n SFS:(13230040)(36860700016)(376014)(82310400026)(1800799024)(18002099003)(56012099003)(22082099003);\n DIR:OUT; SFP:1101;","X-MS-Exchange-AntiSpam-MessageData-ChunkCount":"1","X-MS-Exchange-AntiSpam-MessageData-0":"\n 67keCjyUF4mL7zJk17zC5yh4qPISHwsAejtKCRsta83HJqiaRklkY6HpznHuWQSaY8GT9D5VdR9gcfDBcu67zu2wn+PGJgq9lfNtgEZedeH3brXAJEQYwGK9zf7d5DziO3maohkM1Ym6BmbMCYVV7BQUMPz9ps8Pk+Tig7NoFkBTjNOjZgAlftMHbtfYcPbCeDBfQmPLstC50TK2oPYtze9jntXnqB8qzDowzgfoKh+e4jFUHmtsOIh7Np/1Dc8cZLhsj2uYHJVeswqFDV+wJIl86eZ22i/bNkfm+uvyfA3NMbL2os71xgqELKbuKq5bXIWASS2Cg7DNjmVpd1lz/jXPWo6nyf8Yh0szD+vHzxsyF9yZICqEe6moIHFOXBMzczw3+jNSP+TVFfcJc+RkLykV6unRWhmCZr4d5NBTcTyKC3HcI8BZqUopGRyclIhN","X-OriginatorOrg":"softathome.com","X-MS-Exchange-CrossTenant-OriginalArrivalTime":"21 Apr 2026 21:09:58.2372 (UTC)","X-MS-Exchange-CrossTenant-Network-Message-Id":"\n d0bb8d74-fea4-4c69-d665-08de9fea581f","X-MS-Exchange-CrossTenant-Id":"aa10e044-e405-4c10-8353-36b4d0cce511","X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp":"\n TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170];\n Helo=[proxy.softathome.com]","X-MS-Exchange-CrossTenant-AuthSource":"PA1PEPF000CC3F9.FRAP264.PROD.OUTLOOK.COM","X-MS-Exchange-CrossTenant-AuthAs":"Anonymous","X-MS-Exchange-CrossTenant-FromEntityHeader":"HybridOnPrem","X-MS-Exchange-Transport-CrossTenantHeadersStamped":"PAZP264MB2880","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion <u-boot.lists.denx.de>","List-Unsubscribe":"<https://lists.denx.de/options/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>","List-Archive":"<https://lists.denx.de/pipermail/u-boot/>","List-Post":"<mailto:u-boot@lists.denx.de>","List-Help":"<mailto:u-boot-request@lists.denx.de?subject=help>","List-Subscribe":"<https://lists.denx.de/listinfo/u-boot>,\n <mailto:u-boot-request@lists.denx.de?subject=subscribe>","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" <u-boot-bounces@lists.denx.de>","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"},"content":"right now, the tool preload_check_sign may only\nchecks an image with a pre-load header with rsa.\nWe add the support of pre-load header with ecdsa.\n\nReviewed-by: Simon Glass <sjg@chromium.org>\nSigned-off-by: Philippe Reynes <philippe.reynes@softathome.com>\n---\nv3:\n- initial version\nv4:\n- free key to avoid mem leak\n- fix error management (set ret before goto out)\nv5:\n- add include ec.h, evp.h, err.h and image.h\n\n tools/preload_check_sign.c | 30 ++++++++++++++++++++++++++++++\n 1 file changed, 30 insertions(+)","diff":"diff --git a/tools/preload_check_sign.c b/tools/preload_check_sign.c\nindex ebead459273..d94f0509e74 100644\n--- a/tools/preload_check_sign.c\n+++ b/tools/preload_check_sign.c\n@@ -8,9 +8,13 @@\n  * complete file. The tool preload_check_sign allows to verify and authenticate\n  * a file starting with a preload header.\n  */\n+\n+#define OPENSSL_API_COMPAT 0x10101000L\n+\n #include <stdio.h>\n #include <unistd.h>\n #include <openssl/pem.h>\n+#include <openssl/ec.h>\n #include <openssl/evp.h>\n #include <openssl/err.h>\n #include <image.h>\n@@ -144,6 +148,32 @@ int main(int argc, char **argv)\n \tinfo.sig_info.key      = info.key;\n \tinfo.sig_info.keylen   = info.key_len;\n \n+\t/* For ecdsa key, we have to update some values */\n+\tif (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {\n+\t\tEC_KEY *ecdsa_key;\n+\t\tconst EC_GROUP *group;\n+\n+\t\tecdsa_key = EVP_PKEY_get1_EC_KEY(pkey);\n+\t\tif (!ecdsa_key) {\n+\t\t\tfprintf(stderr, \"Can not extract ECDSA key\\n\");\n+\t\t\tret = EXIT_FAILURE;\n+\t\t\tgoto out;\n+\t\t}\n+\n+\t\tgroup = EC_KEY_get0_group(ecdsa_key);\n+\t\tif (!group) {\n+\t\t\tfprintf(stderr, \"Can not extract ECDSA group\\n\");\n+\t\t\tEC_KEY_free(ecdsa_key);\n+\t\t\tret = EXIT_FAILURE;\n+\t\t\tgoto out;\n+\t\t}\n+\n+\t\tinfo.sig_info.keyfile  = keyfile;\n+\t\tinfo.sig_size          = (EC_GROUP_order_bits(group) + 7) / 8 * 2;\n+\n+\t\tEC_KEY_free(ecdsa_key);\n+\t}\n+\n \t/* Check the signature */\n \timage_pre_load_sig_set_info(&info);\n \tret = image_pre_load_sig((ulong)buffer);\n","prefixes":["v5","13/15"]}