| Message ID | 20240902053326.3273410-3-chiawei_wang@aspeedtech.com |
|---|---|
| State | Superseded |
| Delegated to: | Tom Rini |
| Headers | show |
| Series | aspeed: ast2700: Add Caliptra ECDSA driver | expand |
On Mon, 2 Sept 2024 at 07:33, Chia-Wei Wang <chiawei_wang@aspeedtech.com> wrote: > > Both the signature and the public key are stored as DTS nodes > in the FIT image and SPL/U-Boot DTBs. > > Like the RSA signing & verification do, this patch either creates > the nodes or overwirte the content automatically. > > Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com> > --- > lib/ecdsa/ecdsa-libcrypto.c | 25 ++++++++++++++++++------- > 1 file changed, 18 insertions(+), 7 deletions(-) > Reviewed-by: Simon Glass <sjg@chromium.org> > diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c > index 5fa9be10b4b..cd0c09ca6e4 100644 > --- a/lib/ecdsa/ecdsa-libcrypto.c > +++ b/lib/ecdsa/ecdsa-libcrypto.c > @@ -281,15 +281,26 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name) > BIGNUM *x, *y; > > signature_node = fdt_subnode_offset(fdt, 0, FIT_SIG_NODENAME); > - if (signature_node < 0) { > - fprintf(stderr, "Could not find 'signature node: %s\n", > - fdt_strerror(signature_node)); > - return signature_node; > + if (signature_node == -FDT_ERR_NOTFOUND) { > + signature_node = fdt_add_subnode(fdt, 0, FIT_SIG_NODENAME); > + if (signature_node < 0) { > + fprintf(stderr, "Could not find 'signature node: %s\n", s/find/add/ ? > + fdt_strerror(signature_node)); > + return signature_node; > + } > } > > - key_node = fdt_add_subnode(fdt, signature_node, key_node_name); > - if (key_node < 0) { > - fprintf(stderr, "Could not create '%s' node: %s\n", > + /* Either create or overwrite the named key node */ > + key_node = fdt_subnode_offset(fdt, signature_node, key_node_name); > + if (key_node == -FDT_ERR_NOTFOUND) { > + key_node = fdt_add_subnode(fdt, signature_node, key_node_name); > + if (key_node < 0) { > + fprintf(stderr, "Could not create '%s' node: %s\n", > + key_node_name, fdt_strerror(key_node)); > + return key_node; > + } > + } else if (key_node < 0) { > + fprintf(stderr, "cannot select '%s' node: %s\n", > key_node_name, fdt_strerror(key_node)); > return key_node; > } > -- > 2.25.1 >
Hi Simon > -----Original Message----- > From: Simon Glass <sjg@chromium.org> > Sent: Saturday, September 21, 2024 12:02 AM > > On Mon, 2 Sept 2024 at 07:33, Chia-Wei Wang > <chiawei_wang@aspeedtech.com> wrote: > > > > Both the signature and the public key are stored as DTS nodes in the > > FIT image and SPL/U-Boot DTBs. > > > > Like the RSA signing & verification do, this patch either creates the > > nodes or overwirte the content automatically. > > > > Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com> > > --- > > lib/ecdsa/ecdsa-libcrypto.c | 25 ++++++++++++++++++------- > > 1 file changed, 18 insertions(+), 7 deletions(-) > > > > Reviewed-by: Simon Glass <sjg@chromium.org> > > > diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c > > index 5fa9be10b4b..cd0c09ca6e4 100644 > > --- a/lib/ecdsa/ecdsa-libcrypto.c > > +++ b/lib/ecdsa/ecdsa-libcrypto.c > > @@ -281,15 +281,26 @@ static int do_add(struct signer *ctx, void *fdt, > const char *key_node_name) > > BIGNUM *x, *y; > > > > signature_node = fdt_subnode_offset(fdt, 0, FIT_SIG_NODENAME); > > - if (signature_node < 0) { > > - fprintf(stderr, "Could not find 'signature node: %s\n", > > - fdt_strerror(signature_node)); > > - return signature_node; > > + if (signature_node == -FDT_ERR_NOTFOUND) { > > + signature_node = fdt_add_subnode(fdt, 0, > FIT_SIG_NODENAME); > > + if (signature_node < 0) { > > + fprintf(stderr, "Could not find 'signature > > + node: %s\n", > > s/find/add/ ? Will fix the typo as suggested. Regards, Chiawei
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c index 5fa9be10b4b..cd0c09ca6e4 100644 --- a/lib/ecdsa/ecdsa-libcrypto.c +++ b/lib/ecdsa/ecdsa-libcrypto.c @@ -281,15 +281,26 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name) BIGNUM *x, *y; signature_node = fdt_subnode_offset(fdt, 0, FIT_SIG_NODENAME); - if (signature_node < 0) { - fprintf(stderr, "Could not find 'signature node: %s\n", - fdt_strerror(signature_node)); - return signature_node; + if (signature_node == -FDT_ERR_NOTFOUND) { + signature_node = fdt_add_subnode(fdt, 0, FIT_SIG_NODENAME); + if (signature_node < 0) { + fprintf(stderr, "Could not find 'signature node: %s\n", + fdt_strerror(signature_node)); + return signature_node; + } } - key_node = fdt_add_subnode(fdt, signature_node, key_node_name); - if (key_node < 0) { - fprintf(stderr, "Could not create '%s' node: %s\n", + /* Either create or overwrite the named key node */ + key_node = fdt_subnode_offset(fdt, signature_node, key_node_name); + if (key_node == -FDT_ERR_NOTFOUND) { + key_node = fdt_add_subnode(fdt, signature_node, key_node_name); + if (key_node < 0) { + fprintf(stderr, "Could not create '%s' node: %s\n", + key_node_name, fdt_strerror(key_node)); + return key_node; + } + } else if (key_node < 0) { + fprintf(stderr, "cannot select '%s' node: %s\n", key_node_name, fdt_strerror(key_node)); return key_node; }
Both the signature and the public key are stored as DTS nodes in the FIT image and SPL/U-Boot DTBs. Like the RSA signing & verification do, this patch either creates the nodes or overwirte the content automatically. Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com> --- lib/ecdsa/ecdsa-libcrypto.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-)