This series is Part II of the ECDSA saga. It applies on top of [1]: * [PATCH v4 0/6] Add support for ECDSA image signing (with test)
I've designed the UCLASS_ECDSA such that it aligns with the ROM API of the stm32mp. Instead of splitting the verification into (1) curve operations and (2) modular exponentiation, I've concatenated everything in a 'verify' step. It would be impossible to split the steps and use the stm32mp ROM for verification. Should more granular control be required, this API could be extended at a later time. Until we have more hardware supporting ECDSA, this is purely speculative. The ROM API of the stm32mp is passed in 'r0' when the FSBL is called. While we can save 'r0' in SPL, this series does not implement a mechanism to pass this to u-boot. Thus the ROM API, and ECDSA verification are only available for SPL. Although extending this to u-boot by adding the ROM address to the FDT blob, implementing and verifying this is beyond the scope of this series. [1] https://lists.denx.de/pipermail/u-boot/2021-January/436935.html Alexandru Gagniuc (5): dm: crypto: Define UCLASS API for ECDSA signature verification lib: ecdsa: Add skeleton to implement ecdsa verification in u-boot lib: ecdsa: Implement signature verification for crypto_algo API arm: stm32mp1: Implement ECDSA signature verification Kconfig: FIT_SIGNATURE should not select RSA_VERIFY arch/arm/mach-stm32mp/Kconfig | 9 ++ arch/arm/mach-stm32mp/Makefile | 1 + arch/arm/mach-stm32mp/ecdsa_romapi.c | 106 ++++++++++++++++++++++ common/Kconfig.boot | 8 +- include/crypto/ecdsa-uclass.h | 39 ++++++++ include/dm/uclass-id.h | 1 + include/image.h | 10 +-- include/u-boot/rsa.h | 2 +- lib/Kconfig | 1 + lib/Makefile | 1 + lib/ecdsa/Kconfig | 23 +++++ lib/ecdsa/Makefile | 1 + lib/ecdsa/ecdsa-verify.c | 128 +++++++++++++++++++++++++++ 13 files changed, 320 insertions(+), 10 deletions(-) create mode 100644 arch/arm/mach-stm32mp/ecdsa_romapi.c create mode 100644 include/crypto/ecdsa-uclass.h create mode 100644 lib/ecdsa/Kconfig create mode 100644 lib/ecdsa/Makefile create mode 100644 lib/ecdsa/ecdsa-verify.c -- 2.26.2
