{"id":2225945,"url":"http://patchwork.ozlabs.org/api/patches/2225945/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/patch/20260421210954.1170437-13-philippe.reynes@softathome.com/","project":{"id":18,"url":"http://patchwork.ozlabs.org/api/projects/18/?format=json","name":"U-Boot","link_name":"uboot","list_id":"u-boot.lists.denx.de","list_email":"u-boot@lists.denx.de","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260421210954.1170437-13-philippe.reynes@softathome.com>","list_archive_url":null,"date":"2026-04-21T21:09:51","name":"[v5,12/15] boot: pre-load: add support of ecdsa","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"ef78f27f749afa475b4cf58d80ce05602ad68d53","submitter":{"id":74351,"url":"http://patchwork.ozlabs.org/api/people/74351/?format=json","name":"Philippe Reynes","email":"philippe.reynes@softathome.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/uboot/patch/20260421210954.1170437-13-philippe.reynes@softathome.com/mbox/","series":[{"id":500895,"url":"http://patchwork.ozlabs.org/api/series/500895/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/list/?series=500895","date":"2026-04-21T21:09:51","name":"add software ecdsa support","version":5,"mbox":"http://patchwork.ozlabs.org/series/500895/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2225945/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2225945/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.a=rsa-sha256 header.s=selector1-softathome1-onmicrosoft-com\n header.b=cr1sIjDm;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de\n (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de;\n envelope-from=u-boot-bounces@lists.denx.de; receiver=patchwork.ozlabs.org)","phobos.denx.de;\n dmarc=none (p=none dis=none) header.from=softathome.com","phobos.denx.de;\n spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de","phobos.denx.de;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=softathome1.onmicrosoft.com header.i=@softathome1.onmicrosoft.com\n header.b=\"cr1sIjDm\";\n\tdkim-atps=neutral","phobos.denx.de; dmarc=none (p=none dis=none)\n header.from=softathome.com","phobos.denx.de;\n spf=pass smtp.mailfrom=philippe.reynes@softathome.com"],"Received":["from phobos.denx.de (phobos.denx.de\n [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0ZkZ5QFKz1yGs\n\tfor ; Wed, 22 Apr 2026 07:10:14 +1000 (AEST)","from h2850616.stratoserver.net (localhost [IPv6:::1])\n\tby phobos.denx.de (Postfix) with ESMTP id A0291842E7;\n\tTue, 21 Apr 2026 23:10:06 +0200 (CEST)","by phobos.denx.de (Postfix, from userid 109)\n id BDB8B84258; Tue, 21 Apr 2026 23:10:04 +0200 (CEST)","from PAUP264CU001.outbound.protection.outlook.com\n (mail-francecentralazlp170110002.outbound.protection.outlook.com\n [IPv6:2a01:111:f403:c20a::2])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n (No client certificate requested)\n by phobos.denx.de (Postfix) with ESMTPS id 2EFC6839D5\n for ; Tue, 21 Apr 2026 23:10:01 +0200 (CEST)","from PAYP264CA0035.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:11f::22)\n by PARP264MB5881.FRAP264.PROD.OUTLOOK.COM (2603:10a6:102:4bd::8) with\n Microsoft SMTP Server (version=TLS1_2,\n cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9846.16; Tue, 21 Apr\n 2026 21:09:58 +0000","from PA3PEPF000089B9.FRAP264.PROD.OUTLOOK.COM\n (2603:10a6:102:11f:cafe::30) by PAYP264CA0035.outlook.office365.com\n (2603:10a6:102:11f::22) with Microsoft SMTP Server (version=TLS1_3,\n cipher=TLS_AES_256_GCM_SHA384) id 15.20.9791.48 via Frontend Transport; Tue,\n 21 Apr 2026 21:09:58 +0000","from proxy.softathome.com (149.6.166.170) by\n PA3PEPF000089B9.mail.protection.outlook.com (10.167.242.21) with Microsoft\n SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9846.18\n via Frontend Transport; Tue, 21 Apr 2026 21:09:58 +0000","from sah1lpt726.softathome.com (unknown [192.168.72.32])\n by proxy.softathome.com (Postfix) with ESMTPSA id F1CA720933;\n Tue, 21 Apr 2026 23:09:57 +0200 (CEST)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de","X-Spam-Level":"","X-Spam-Status":"No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,\n DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_PASS,SPF_PASS autolearn=ham\n autolearn_force=no version=3.4.2","ARC-Seal":"i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;\n b=DGcFjnzAu2GFGfxJi0WAyEvwkf8eRPqMfKDStMAkuv/yoj8fiLyjFx4fJ4O+2vpdi+HKPnExq19tFbWyTCXWR2+SUTZvsalDcDmxNzNwdIk74Lem5UixxwdSQ9IvK7HKkP79jevCn5aVV9Gl+XoZnEKCZeT4OxQ1EzO1M61jUNkYYqsiotAvYTvtmdBl3yX0Oj9ibizYPUahCZCGC6lktqhaskNv0OJb/XJ0cQYHj/8m9iesipXDrhAnIfDqWlb5cZSMGzs/Aik5ohnHy67ritqDN7GQoILDqiRyfoo3BUBvsGFOAeBox2t/Wc0Iq4T2Wm6LhcuUw2nxomrXU/aUqA==","ARC-Message-Signature":"i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;\n s=arcselector10001;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;\n bh=ZqRedFsExPMASo87YssmOhkYfTiC+JOWSCRi1s2/ug0=;\n b=fKSWXQvHI01hsXFgMW/l6XDm+cL3ZVF4dqzcDSsiO0Wp+PHkbqOPIJApY1hSBFpIMePrtvKzYaX8NUmI8K7R/TBjkq+XixzFFLmpzpGRSKREocpcudLSQQY/h/Hbck7igXPfNZTUX5xFOdnocDZvhi7YaS9tPOTHYrg+QJB4d838hWypPIzBs81f6/abzKIfCQ4rwEa44z/v0SqChV4TdAvKiE58cw7k63peOsnGwSmpphcw2B4xXWw+2pgr5haxRv6s26MlNYr0TpdoguJkU4LaxtnJarydTeBS7YliuV4FRRJ60EAqvuZbfd11FdFec1ax9HbDPOH0mT4ijVAy9A==","ARC-Authentication-Results":"i=1; mx.microsoft.com 1; spf=pass (sender ip is\n 149.6.166.170) smtp.rcpttodomain=canonical.com smtp.mailfrom=softathome.com;\n dmarc=bestguesspass action=none header.from=softathome.com; dkim=none\n (message not signed); arc=none (0)","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=softathome1.onmicrosoft.com; s=selector1-softathome1-onmicrosoft-com;\n h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;\n bh=ZqRedFsExPMASo87YssmOhkYfTiC+JOWSCRi1s2/ug0=;\n b=cr1sIjDmGmAs++sISHKIJUjuoFaqG0wS0rI649F5IZxWnRA89O1es9pTJsKdwrwVUdFdIazr6vZe14c1GfozVidbQd4oPWVytb4hPARJ6zaSmr4I0a0hszq6FDLuQ7EUo4djDvkSA/Unn6QP+49P/XQLZJR4kpIAo3OB8RcFDZRgCLzf3v9AiatedkFFu2KjEyIwX2qtosccmkx2sOlFFDXWaaA784xDx2epwnfxxOGgEb5I273yggP2SG/3vTYcy1eIIBWkj6uC+4jUMMr5T6GE8fY936ot780upCakJUVq02JjOUgGFU2gL6pmS7c1y7oZLdoUhMMmQxgfmmlqkg==","X-MS-Exchange-Authentication-Results":"spf=pass (sender IP is 149.6.166.170)\n smtp.mailfrom=softathome.com; dkim=none (message not signed)\n header.d=none;dmarc=bestguesspass action=none header.from=softathome.com;","Received-SPF":"Pass (protection.outlook.com: domain of softathome.com\n designates 149.6.166.170 as permitted sender)\n receiver=protection.outlook.com; client-ip=149.6.166.170;\n helo=proxy.softathome.com; pr=C","From":"Philippe Reynes ","To":"marko.makela@iki.fi, jonny.green@keytechinc.com, raymondmaoca@gmail.com,\n trini@konsulko.com, simon.glass@canonical.com","Cc":"u-boot@lists.denx.de, Philippe Reynes ,\n Simon Glass ","Subject":"[PATCH v5 12/15] boot: pre-load: add support of ecdsa","Date":"Tue, 21 Apr 2026 23:09:51 +0200","Message-ID":"<20260421210954.1170437-13-philippe.reynes@softathome.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260421210954.1170437-1-philippe.reynes@softathome.com>","References":"<20260421210954.1170437-1-philippe.reynes@softathome.com>","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","X-EOPAttributedMessage":"0","X-MS-PublicTrafficType":"Email","X-MS-TrafficTypeDiagnostic":"PA3PEPF000089B9:EE_|PARP264MB5881:EE_","Content-Type":"text/plain","X-MS-Office365-Filtering-Correlation-Id":"dfb80d6a-569d-4327-1c15-08de9fea580f","X-MS-Exchange-SenderADCheck":"1","X-MS-Exchange-AntiSpam-Relay":"0","X-Microsoft-Antispam":"BCL:0;\n ARA:13230040|36860700016|82310400026|1800799024|376014|18002099003|22082099003|56012099003;","X-Microsoft-Antispam-Message-Info":"\n Xk/v2pPY0IlCoudRc8IQPNaQ/HuKC7IJ+P6cOfSLRCgFv3Z33AHPeN4JDocKbScZIxDTKIkLHZowYEEzv73hvPHkhUobBVg2fMZfVlMGWNKhMDXG2mg5jXeeUf6XeZxCIce9996i0y8vzzXwxLpPi9pzKI1kfHbfAsEc88pGTJzgEV9blLrc7u1gVZtrH0zN1WhgKUiU4WAU0Ewo2VwFSmE56P3GplG270MeOuLSX+f10Vuw/twu3eLaGGOOCfX9tGIoTJ/iLWFPAoaQTsrWRyyyF9fVCghUjMidzWyl9iPVLj3br3kaGsI+ddkjnIzLXSK3L5YHAPsyoS3Zm9+pxqDSe/VNPuLf1jAKf2L3JL04DMuPnxxf+Odqx9u93UuARFKt9JU+CvVNe5HlNiZdZzo62aB0g/10oGiJw8JV3bVgXkpXc0BvGPIe3P7LUb1qkyxZIlBdG0wDa+mQ4KfNR16vNXQgn3tSXDQRi1M3l0A8PfAO3Jr2v+q5l6TZ3+xZG6dhQvVuFxoB88XVYHFtDYGdbc9KSq7eRoLO9zixtk4pX7yTFLrHDF9ZOg+BV/EJbQFKQ7nWheeIKvuK9tKdgok7HnnIDdY5QD7wzxgI6TXqjdgAvGvxXgAFZzN54w3b47OKz6KNQKSZs+1D802sXs+uy5t70tDsQrrkyoC5OHHgMQNAaoJzs23cpcVfEa+qpDClWbHWhIH2I7dpynKMI1GydMQ1qAdCM5I/UYu2LAXHR2RzqyevZYdXICGgreDKdYrkQAH+iKR90b8m9LqKgA==","X-Forefront-Antispam-Report":"CIP:149.6.166.170; CTRY:FR; LANG:en; SCL:1; SRV:;\n IPV:CAL; SFV:NSPM; H:proxy.softathome.com; PTR:InfoDomainNonexistent;\n CAT:NONE;\n SFS:(13230040)(36860700016)(82310400026)(1800799024)(376014)(18002099003)(22082099003)(56012099003);\n DIR:OUT; SFP:1101;","X-MS-Exchange-AntiSpam-MessageData-ChunkCount":"1","X-MS-Exchange-AntiSpam-MessageData-0":"\n aTtsFCAFSe2PQg2VGWx2mWTDs4q5UWSte3ZuuLq4TbQm+4P7yHe7GAe9ObfzeD8sA/eWW7jXuQe3Jj31CPHgjblCcilQ5NBrK/kDOK8BWW5pqPY8peHD196qCdDNwrstaqqzCZKb4YTs/w6XT0pbV9R85P/rHun2Q2B7a2brGcSMYQoScXqmSANyC2l43E1sI9V07MTaNwFYYHp+h/5uu4/LKhU7DdvrXsNZkyR3+8k+pn1iOTLTk6/HgExNl0MJVqgq0Egj/6cZ3DZpACzHjmd724HLxvFOoNG3L14m/jw5wMXfdvi/BG3iSBktvt7r1rYXeBNx6Mq3zMO65Sf8PeL/q4eZMbpqcxHhdRL/OvkQEi+2u1hYf5gO7GWkWUULEes76a4jFlYsxvOqVma02T3meYSaRyafyeT8AaImK+KJP9FEhIQ7sghUF3cLmvXQ","X-OriginatorOrg":"softathome.com","X-MS-Exchange-CrossTenant-OriginalArrivalTime":"21 Apr 2026 21:09:58.1262 (UTC)","X-MS-Exchange-CrossTenant-Network-Message-Id":"\n dfb80d6a-569d-4327-1c15-08de9fea580f","X-MS-Exchange-CrossTenant-Id":"aa10e044-e405-4c10-8353-36b4d0cce511","X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp":"\n TenantId=aa10e044-e405-4c10-8353-36b4d0cce511; Ip=[149.6.166.170];\n Helo=[proxy.softathome.com]","X-MS-Exchange-CrossTenant-AuthSource":"PA3PEPF000089B9.FRAP264.PROD.OUTLOOK.COM","X-MS-Exchange-CrossTenant-AuthAs":"Anonymous","X-MS-Exchange-CrossTenant-FromEntityHeader":"HybridOnPrem","X-MS-Exchange-Transport-CrossTenantHeadersStamped":"PARP264MB5881","X-BeenThere":"u-boot@lists.denx.de","X-Mailman-Version":"2.1.39","Precedence":"list","List-Id":"U-Boot discussion ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Errors-To":"u-boot-bounces@lists.denx.de","Sender":"\"U-Boot\" ","X-Virus-Scanned":"clamav-milter 0.103.8 at phobos.denx.de","X-Virus-Status":"Clean"},"content":"Right now, u-boot can only boot image with a\npre-load header with rsa. We add the support\nof ecdsa.\n\nReviewed-by: Simon Glass \nSigned-off-by: Philippe Reynes \n---\nv3:\n- initial version\nv4:\n- avoid calling image_get_crypto_algo several times\nv5:\n- simplify the function is_ecdsa\n- re-use already computed crypto in function image_pre_load_sig_setup\n\n boot/image-pre-load.c | 53 +++++++++++++++++++++++++++++++++----------\n 1 file changed, 41 insertions(+), 12 deletions(-)","diff":"diff --git a/boot/image-pre-load.c b/boot/image-pre-load.c\nindex 2f851ebb28c..af72ea6d547 100644\n--- a/boot/image-pre-load.c\n+++ b/boot/image-pre-load.c\n@@ -70,6 +70,12 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)\n \treturn 0;\n }\n #else\n+\n+static int is_ecdsa(struct crypto_algo *crypto)\n+{\n+\treturn crypto && !strncmp(crypto->name, \"ecdsa\", 5);\n+}\n+\n /*\n * This function gathers information about the signature check\n * that could be done before launching the image.\n@@ -86,6 +92,7 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)\n \tint key_len;\n \tint node, ret = 0;\n \tchar *sig_info_path = NULL;\n+\tstruct crypto_algo *crypto;\n \n \tif (!info) {\n \t\tlog_err(\"ERROR: info is NULL for image pre-load sig check\\n\");\n@@ -114,11 +121,24 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)\n \t\tgoto out;\n \t}\n \n-\tpadding_name = fdt_getprop(gd_fdt_blob(), node,\n-\t\t\t\t IMAGE_PRE_LOAD_PROP_PADDING_NAME, NULL);\n-\tif (!padding_name) {\n-\t\tlog_info(\"INFO: no padding_name provided, so using pkcs-1.5\\n\");\n-\t\tpadding_name = \"pkcs-1.5\";\n+\tcrypto = image_get_crypto_algo(algo_name);\n+\tif (!crypto) {\n+\t\tprintf(\"ERROR: can't find a valid crypto algo from %s\\n\",\n+\t\t (char *)algo_name);\n+\t\tret = -EINVAL;\n+\t\tgoto out;\n+\t}\n+\n+\tif (is_ecdsa(crypto)) {\n+\t\tpadding_name = NULL;\n+\t} else {\n+\t\tpadding_name = fdt_getprop(gd_fdt_blob(), node,\n+\t\t\t\t\t IMAGE_PRE_LOAD_PROP_PADDING_NAME,\n+\t\t\t\t\t NULL);\n+\t\tif (!padding_name) {\n+\t\t\tlog_info(\"INFO: no padding_name provided, so using pkcs-1.5\\n\");\n+\t\t\tpadding_name = \"pkcs-1.5\";\n+\t\t}\n \t}\n \n \tsig_size = fdt_getprop(gd_fdt_blob(), node,\n@@ -129,12 +149,17 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)\n \t\tgoto out;\n \t}\n \n-\tkey = fdt_getprop(gd_fdt_blob(), node,\n-\t\t\t IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len);\n-\tif (!key) {\n-\t\tlog_err(\"ERROR: no key for image pre-load sig check\\n\");\n-\t\tret = -EINVAL;\n-\t\tgoto out;\n+\tif (is_ecdsa(crypto)) {\n+\t\tkey = NULL;\n+\t\tkey_len = 0;\n+\t} else {\n+\t\tkey = fdt_getprop(gd_fdt_blob(), node,\n+\t\t\t\t IMAGE_PRE_LOAD_PROP_PUBLIC_KEY, &key_len);\n+\t\tif (!key) {\n+\t\t\tlog_err(\"ERROR: no key for image pre-load sig check\\n\");\n+\t\t\tret = -EINVAL;\n+\t\t\tgoto out;\n+\t\t}\n \t}\n \n \tinfo->algo_name\t\t= (char *)algo_name;\n@@ -152,9 +177,13 @@ static int image_pre_load_sig_setup(struct image_sig_info *info)\n \tinfo->sig_info.name = info->algo_name;\n \tinfo->sig_info.padding = image_get_padding_algo(info->padding_name);\n \tinfo->sig_info.checksum = image_get_checksum_algo(info->sig_info.name);\n-\tinfo->sig_info.crypto = image_get_crypto_algo(info->sig_info.name);\n+\tinfo->sig_info.crypto = crypto;\n \tinfo->sig_info.key = info->key;\n \tinfo->sig_info.keylen = info->key_len;\n+\tif (is_ecdsa(crypto)) {\n+\t\tinfo->sig_info.required_keynode = node;\n+\t\tinfo->sig_info.fdt_blob = gd_fdt_blob();\n+\t}\n \n out:\n \treturn ret;\n","prefixes":["v5","12/15"]}