Hello Anshul,
Tue, Nov 11, 2025 at 09:52:51AM +0530, Anshul Dalal wrote:
Hello Marko,
On Sat Nov 8, 2025 at 10:54 PM IST, Marko Mäkelä wrote:
Hi all,
I am new to u-boot, please bear with me. I got CONFIG_FIT_SIGNATURE=y to
work with the RSA algorithm, but not with ECDSA.
My two main questions are:
Is CONFIG_ECDSA_VERIFY only implemented for the two targets:
rom_api_ops in arch/arm/mach-stm32mp/ecdsa_romapi.c
cptra_ecdsa_ops in drivers/crypto/aspeed/cptra_ecdsa.c.
Yes, those two seem to be the only one's implementing UCLASS_ECDSA.
Is it feasible to support something more modern than RSA signatures on a
reasonably high-end target, such as ARMv8? Are there any suggestions or
git commits that you would suggest as a reference?
Should be possible, you can look at the current implementaitons of RSA
and lib/ecdsa/ecdsa-libcrypto.c for reference.
Thank you. I will look at that.
[snip]
Rebuilding with CONFIG_ECDSA_VERIFY=y changed the error message to
the
following:
sha256,ecdsa256:dev- error!
Verification failed for '<NULL>' hash node in 'conf-1' config node
Failed to verify required signature 'dev'
This is probably due to U-Boot failing to find a driver with
UCLASS_ECDSA, you can verify by adding a "#define DEBUG" to the top of
lib/ecdsa/ecdsa-verify.c and check if the following error shows up:
ECDSA: Could not find ECDSA implementation: -19
Thank you for the tip. So, the #define DEBUG would enable the debug()
statements. This indeed confirms my hypothesis:
## Executing script at 90000000
sha256,ecdsa256:devECDSA: Could not find ECDSA implementation: -19
- error!
Verification failed for '<NULL>' hash node in 'conf-1' config node
Failed to verify required signature 'dev'
Boot failed (err=1)
I'm working on this on a hobby basis for now, and it may take some time
before I will submit any patches for review.
Best regards,
Marko
