On 2/10/21 1:45 PM, Tim Romanski wrote:
Hi Alex,
Thanks for the context! What are your plans for upstreaming your ECDSA signing
implementation?
I expect that the ECDSA signing series will get merged soon.
I've currently dedicated the next four weeks to getting signing+verification
implemented, so if you'd like a helping hand either with any leftover signing
work or to get verification started I'm happy to collaborate.
Verification on the target would be great. My implementation is
platform-specific. It would make sense to also have a software
implementation of ECDSA (as we do for RSA). Once that is in place, it
opens the gates for unit-testing. Currently, we're only testing the host
signing part, but it would be awesome to have a test for ECDSA_UCLASS.
I think getting started on a software implementation of ECDSA_UCLASS
would be most beneficial. Is that something you'd like to take on?
Alex
All the best,
Tim
-----Original Message-----
From: Alex G. <mr.nuke...@gmail.com>
Sent: February 5, 2021 11:09 AM
To: Simon Glass <s...@chromium.org>; Tim Romanski <t-troman...@microsoft.com>
Cc: u-boot@lists.denx.de; Deskin Miller <desk...@microsoft.com>; Dylan D'Silva
<ddsi...@microsoft.com>
Subject: [EXTERNAL] Re: U-Boot ECDSA Implementation Question
Hi Tim,
On 2/5/21 8:35 AM, Simon Glass wrote:
I'm a current intern at Microsoft, and one of my priorities is to enable ECDSA for
U-Boot image signing/verification. Simon mentioned someone is already working on
ECC, it would be great to get synced up with related progress. For signing, I will
likely replicate the existing approach of using the openssl library. I'm aware that
signing happens on a host machine and verification happens during boot, which
implies verification should have a custom implementation to avoid the openssl
overhead in the U-Boot binary. My thoughts are to copy an ECC verification
implementation from a well-tested widely-used open source project. I was wondering,
is U-Boot's current RSA verification copied from another project? If so, how are
security patches between the two copies of code usually handled? I'm thinking of
deriving from the ECDSA implementation currently in the Linux kernel, though I'd
also appreciate suggestions if there's a better/more widely tested & used
implementation.
[snip]
Alexandru Gagniuc, on cc, has been looking at implementing the signing
side of this recently and has sent some patches that you could look
at.
I hope I can save you some effort on the signing side. Generally, you have two
types of signed images. The first is the signed bootloader (BL2 or FSBL in ARM
terms). The other one is the signed Flattened Image Tree
(FIT) that we use in u-boot. The first one is vendor-specific, so you'd usually
use vendor tools or write your own. We use mkimage to deal with the latter.
I've implemented the signing part [1] for mkimage. mkimage has the ability to
use hardware signing via the PKCS11 engine of openssl, which I did not
implement. You can read more about it here [3].
The verification part is still being defined [4][5]. The idea is to define a
UCLASS which abstracts the underlying implementation. For RSA, it's defined
here [6].
My goal with ECDSA verification was to use the ROM API of the STM32MP1.
This meant I don't have to write a software implementation of ECDSA.
This would be useful in two ways. It would enable ECDSA verification on devices
that don't support it in hardware, and would also allow us to add some unit
tests for ECDSA.
I suspect what you could do from here, is try to build my branch with ECDSA
signing, play around with mkimage, and let us know how we can point you to the
correct documentation. There's a lot of it in doc/, but it's not always easy to
find.
Alex
[1]
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmrnuke%2Fu-boot%2Fcommits%2Fpatch-mkimage-keyfile-v1&data=04%7C01%7Ct-tromanski%40microsoft.com%7C4e326c48dc2f4e89df5d08d8c9f0536f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637481381320581783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=NulehqeJPXmR%2BLhHzBagWc9Uum1iFS5%2BSVlRu0L9SUU%3D&reserved=0
[2]
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmrnuke%2Fu-boot%2Fcommit%2Fa2ae016f2f80579962d4ab058137c8e1a4f4741f&data=04%7C01%7Ct-tromanski%40microsoft.com%7C4e326c48dc2f4e89df5d08d8c9f0536f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637481381320581783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=Sa06A5TDKVxJ7sd1Dj%2FCiztHPQ%2BJBuzVbpK9mMVwMsU%3D&reserved=0
[3]
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmrnuke%2Fu-boot%2Fblob%2F3f447efcf8ad98d0eea349994810a66b453ac188%2Fdoc%2FuImage.FIT%2Fsignature.txt%23L488&data=04%7C01%7Ct-tromanski%40microsoft.com%7C4e326c48dc2f4e89df5d08d8c9f0536f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637481381320581783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=ExeKMGFCC9QX6bGAyWztqMZqMqCqGWbhgZkF8odmcKM%3D&reserved=0
[4]
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmrnuke%2Fu-boot%2Fcommit%2F31caceb0e28959881e96ea49a0b28fd44d13a947&data=04%7C01%7Ct-tromanski%40microsoft.com%7C4e326c48dc2f4e89df5d08d8c9f0536f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637481381320581783%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=QMhDdKcxviXg%2FhmXIwxpgmUKsc2aezNb3L9kZOgX198%3D&reserved=0
[5]
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmrnuke%2Fu-boot%2Fcommits%2Fpatch-stm32-ecdsa-v1&data=04%7C01%7Ct-tromanski%40microsoft.com%7C4e326c48dc2f4e89df5d08d8c9f0536f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637481381320591742%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=bWUtVRDNSmwOIvizaPz8zQh6I0bmurz8vVh10ef%2B5O8%3D&reserved=0
[6]
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fmrnuke%2Fu-boot%2Fblob%2F7d7ce8d70287568071a5d24acb6dc74b923fe7e0%2Finclude%2Fu-boot%2Frsa-mod-exp.h%23L79&data=04%7C01%7Ct-tromanski%40microsoft.com%7C4e326c48dc2f4e89df5d08d8c9f0536f%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637481381320591742%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=8FbEZj6l7vutTknzV4a5%2FnNtoznnQHIjdrP2rJiZEFs%3D&reserved=0
