Aspeed AST2700 SoCs integrates the Caliptra secure IP, where an ECDSA384 signature verification HW interface is exported for SoC crypto needs.
This patch series firstly extends the FIT image signing/verify common code to support the ECDSA384 algorithm. For better convenience, the device tree for ECDSA public key storage is also revised by referring to RSA implementations. After the FIT common code revision, the driver is implemented for AST2700 to leverage the Caliptra ECDSA384 signature verification. These are verified by signed FIT images with the algorithm "sha384,ecdsa384". Chia-Wei Wang (4): lib: ecdsa: Add ECDSA384 support lib: ecdsa: Create device tree node automatically image-fit-sig: Remove padding check drivers/crypto: aspeed: Add Caliptra ECDSA384 support boot/image-fit-sig.c | 2 +- drivers/crypto/aspeed/Kconfig | 10 ++ drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/cptra_ecdsa.c | 187 ++++++++++++++++++++++++++++ include/u-boot/ecdsa.h | 1 + lib/ecdsa/ecdsa-libcrypto.c | 25 ++-- lib/ecdsa/ecdsa-verify.c | 14 ++- tools/image-sig-host.c | 7 ++ 8 files changed, 236 insertions(+), 11 deletions(-) create mode 100644 drivers/crypto/aspeed/cptra_ecdsa.c -- 2.25.1
