u-boot-toradex.git/lib/ecdsa, branch master U-Boot bootloader for Apalis and Colibri modules treewide: fix uImage.FIT document paths 2026-03-27T09:50:29+00:00 Daniel Golle daniel@makrotopia.org 2026-02-27T00:03:29+00:00 72cc446490e74fdf392f5e049cf8fd28d9c6818d Commit 488445cefa1 ("doc: Move FIT into its own directory") moved the documentation in doc/uImage.FIT to doc/usage/fit, subsequently all documents and example sources have been converted to reStructuredText. Fix (almost) all of the remaining occurrences of the old path and filenames across the tree. The exception is doc/uImage.FIT/command_syntax_extensions.txt which apparently has been removed entirely, or at least I was unable to locate where that document is now. Signed-off-by: Daniel Golle <daniel@makrotopia.org> 
Commit 488445cefa1 ("doc: Move FIT into its own directory") moved the
documentation in doc/uImage.FIT to doc/usage/fit, subsequently all
documents and example sources have been converted to reStructuredText.

Fix (almost) all of the remaining occurrences of the old path and
filenames across the tree.

The exception is doc/uImage.FIT/command_syntax_extensions.txt which
apparently has been removed entirely, or at least I was unable to
locate where that document is now.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ecdsa: fix segfault in mkimage when "-r" option is not set 2025-07-14T21:16:45+00:00 Lucas Dietrich ld.adecy@gmail.com 2025-07-07T15:55:50+00:00 6a269b7fdefe3edc60a6218f1402f17206644628 Fix a segmentation fault in the ECDSA signing logic of `mkimage` that occurs when the "-r" option is not specified. This reproduces the logic in `lib/rsa/rsa-sign.c` by checking if `info->require_keys` is non-null before passing it to `fdt_setprop_string()`. Signed-off-by: Lucas Dietrich <lucas.dietrich.git@proton.me> 
Fix a segmentation fault in the ECDSA signing logic of `mkimage`
that occurs when the "-r" option is not specified.

This reproduces the logic in `lib/rsa/rsa-sign.c` by checking if
`info->require_keys` is non-null before passing it to
`fdt_setprop_string()`.

Signed-off-by: Lucas Dietrich <lucas.dietrich.git@proton.me>
lib: ecdsa: Add support for loading ECDSA public key from FDT 2025-06-25T19:45:38+00:00 Jamin Lin jamin_lin@aspeedtech.com 2025-06-06T07:34:21+00:00 ed51f3e446f2ee9e2fa6577388451a93122b6551 This patch adds support for parsing ECDSA public keys from the device tree blob (FDT) under the `/signature` node. The public key is expected to be defined using: - ecdsa,curve (e.g., "prime256v1", "secp384r1") - ecdsa,x-point - ecdsa,y-point The implementation introduces: - struct ecdsa_public_key to hold parsed key fields - fdt_get_key() to parse the curve and coordinates from the FDT - read_key_from_fdt() to convert the parsed values into an OpenSSL EC_KEY - load_key_from_fdt() to support loading keys using required_keynode, keyname hint, or fallback to scanning all subnodes under "/signature". If "info->fdt_blob" is provided, the key is loaded from the FDT. Otherwise, the code falls back to loading a PEM-formatted key from file as before. This allows for ECDSA signature verification where the public key is embedded in the FIT image device tree, useful for systems that require signature validation without external files. Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> 
This patch adds support for parsing ECDSA public keys from the device tree
blob (FDT) under the `/signature` node. The public key is expected to be
defined using:

  - ecdsa,curve (e.g., "prime256v1", "secp384r1")
  - ecdsa,x-point
  - ecdsa,y-point

The implementation introduces:
- struct ecdsa_public_key to hold parsed key fields
- fdt_get_key() to parse the curve and coordinates from the FDT
- read_key_from_fdt() to convert the parsed values into an OpenSSL EC_KEY
- load_key_from_fdt() to support loading keys using required_keynode,
  keyname hint, or fallback to scanning all subnodes under "/signature".

If "info->fdt_blob" is provided, the key is loaded from the FDT. Otherwise,
the code falls back to loading a PEM-formatted key from file as before.

This allows for ECDSA signature verification where the public key is
embedded in the FIT image device tree, useful for systems that require
signature validation without external files.

Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
Kbuild: Always use $(PHASE_) 2025-04-11T18:16:44+00:00 Tom Rini trini@konsulko.com 2025-04-01T22:55:23+00:00 302b41d5397e9f821d360a74335e8821d4513970 It is confusing to have both "$(PHASE_)" and "$(XPL_)" be used in our Makefiles as part of the macros to determine when to do something in our Makefiles based on what phase of the build we are in. For consistency, bring this down to a single macro and use "$(PHASE_)" only. Signed-off-by: Tom Rini <trini@konsulko.com> 
It is confusing to have both "$(PHASE_)" and "$(XPL_)" be used in our
Makefiles as part of the macros to determine when to do something in our
Makefiles based on what phase of the build we are in. For consistency,
bring this down to a single macro and use "$(PHASE_)" only.

Signed-off-by: Tom Rini <trini@konsulko.com>
lib: ecdsa: fix prevent memory leak in ecdsa_add_verify_data 2025-03-03T20:24:48+00:00 Anton Moryakov ant.v.moryakov@gmail.com 2025-02-06T21:47:59+00:00 9943015f1b39fcb2de16ee72f1599c342620c561 - Ensure `free_ctx` is called in both error and success paths. - Fix memory leak in `ctx.signature` when `do_add` fails." Triggers found by static analyzer Svace. Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com> 
- Ensure `free_ctx` is called in both error and success paths.
- Fix memory leak in `ctx.signature` when `do_add` fails."

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
lib: ecdsa: Add ECDSA384 support 2024-10-21T23:52:52+00:00 Chia-Wei Wang chiawei_wang@aspeedtech.com 2024-10-14T09:56:18+00:00 75068b1a2dbcf475c1043e7aa0f6882554d759bc Add ECDSA384 algorithm support for image signing and verification. Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Add ECDSA384 algorithm support for image signing and verification.

Signed-off-by: Chia-Wei Wang <chiawei_wang@aspeedtech.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Merge patch series "Tidy up use of 'SPL' and CONFIG_SPL_BUILD" 2024-10-11T18:23:25+00:00 Tom Rini trini@konsulko.com 2024-10-11T18:23:25+00:00 47e544f576699ca4630e20448db6a05178960697 Simon Glass <sjg@chromium.org> says: When the SPL build-phase was first created it was designed to solve a particular problem (the need to init SDRAM so that U-Boot proper could be loaded). It has since expanded to become an important part of U-Boot, with three phases now present: TPL, VPL and SPL Due to this history, the term 'SPL' is used to mean both a particular phase (the one before U-Boot proper) and all the non-proper phases. This has become confusing. For a similar reason CONFIG_SPL_BUILD is set to 'y' for all 'SPL' phases, not just SPL. So code which can only be compiled for actual SPL, for example, must use something like this: #if defined(CONFIG_SPL_BUILD) && !defined(CONFIG_TPL_BUILD) In Makefiles we have similar issues. SPL_ has been used as a variable which expands to either SPL_ or nothing, to chose between options like CONFIG_BLK and CONFIG_SPL_BLK. When TPL appeared, a new SPL_TPL variable was created which expanded to 'SPL_', 'TPL_' or nothing. Later it was updated to support 'VPL_' as well. This series starts a change in terminology and usage to resolve the above issues: - The word 'xPL' is used instead of 'SPL' to mean a non-proper build - A new CONFIG_XPL_BUILD define indicates that the current build is an 'xPL' build - The existing CONFIG_SPL_BUILD is changed to mean SPL; it is not now defined for TPL and VPL phases - The existing SPL_ Makefile variable is renamed to SPL_ - The existing SPL_TPL Makefile variable is renamed to PHASE_ It should be noted that xpl_phase() can generally be used instead of the above CONFIGs without a code-space or run-time penalty. This series does not attempt to convert all of U-Boot to use this new terminology but it makes a start. In particular, renaming spl.h and common/spl seems like a bridge too far at this point. The series is fully bisectable. It has also been checked to ensure there are no code-size changes on any commit. 
Simon Glass <sjg@chromium.org> says:

When the SPL build-phase was first created it was designed to solve a
particular problem (the need to init SDRAM so that U-Boot proper could
be loaded). It has since expanded to become an important part of U-Boot,
with three phases now present: TPL, VPL and SPL

Due to this history, the term 'SPL' is used to mean both a particular
phase (the one before U-Boot proper) and all the non-proper phases.
This has become confusing.

For a similar reason CONFIG_SPL_BUILD is set to 'y' for all 'SPL'
phases, not just SPL. So code which can only be compiled for actual SPL,
for example, must use something like this:

   #if defined(CONFIG_SPL_BUILD) && !defined(CONFIG_TPL_BUILD)

In Makefiles we have similar issues. SPL_ has been used as a variable
which expands to either SPL_ or nothing, to chose between options like
CONFIG_BLK and CONFIG_SPL_BLK. When TPL appeared, a new SPL_TPL variable
was created which expanded to 'SPL_', 'TPL_' or nothing. Later it was
updated to support 'VPL_' as well.

This series starts a change in terminology and usage to resolve the
above issues:

- The word 'xPL' is used instead of 'SPL' to mean a non-proper build
- A new CONFIG_XPL_BUILD define indicates that the current build is an
  'xPL' build
- The existing CONFIG_SPL_BUILD is changed to mean SPL; it is not now
  defined for TPL and VPL phases
- The existing SPL_ Makefile variable is renamed to SPL_
- The existing SPL_TPL Makefile variable is renamed to PHASE_

It should be noted that xpl_phase() can generally be used instead of
the above CONFIGs without a code-space or run-time penalty.

This series does not attempt to convert all of U-Boot to use this new
terminology but it makes a start. In particular, renaming spl.h and
common/spl seems like a bridge too far at this point.

The series is fully bisectable. It has also been checked to ensure there
are no code-size changes on any commit.
global: Rename SPL_ to XPL_ 2024-10-11T17:44:48+00:00 Simon Glass sjg@chromium.org 2024-09-30T01:49:53+00:00 c46760d5967d12b6f7d37402878d1607a98b2b84 Use XPL_ as the symbol to indicate an SPL build. This means that SPL_ is no-longer set. Signed-off-by: Simon Glass <sjg@chromium.org> 
Use XPL_ as the symbol to indicate an SPL build. This means that SPL_ is
no-longer set.

Signed-off-by: Simon Glass <sjg@chromium.org>
mkimage: ecdsa: add nodes to signature/key node 2024-10-08T03:31:20+00:00 Matthias Pritschet matthias.pritschet@itk-engineering.de 2024-08-29T12:44:47+00:00 c623bce70c905739aff8f85fac4c61eacb3b8e99 Add the "required", "algo", and "key-name-hint" nodes to the signature/key node if ecdsa256 is used. This change is mainly copy&paste from rsa_add_verify_data which already adds these nodes. Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de> 
Add the "required", "algo", and "key-name-hint" nodes to the
signature/key node if ecdsa256 is used.

This change is mainly copy&paste from rsa_add_verify_data which already
adds these nodes.

Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de>
mkimage: ecdsa: add signature/key nodes to dtb if missing 2024-10-08T03:30:50+00:00 Matthias Pritschet matthias.pritschet@itk-engineering.de 2024-08-27T16:00:54+00:00 b67436d31969e6d6b76b39849da276506058b900 If the signature/key node(s) are not yet present in the U-Boot device tree, ecdsa_add_verify_data simply fails if it can't find the nodes. This behaviour differs from rsa_add_verify_data, wich does add the missing nodes and proceeds in that case. This change is mainly copy&paste from rsa_add_verify_data to add the same behaviour to ecdsa_add_verify_data. Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de> 
If the signature/key node(s) are not yet present in the U-Boot device
tree, ecdsa_add_verify_data simply fails if it can't find the nodes.
This behaviour differs from rsa_add_verify_data, wich does add the missing
nodes and proceeds in that case.

This change is mainly copy&paste from rsa_add_verify_data to add the
same behaviour to ecdsa_add_verify_data.

Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de>