diff options
author | Alexandru Gagniuc <mr.nuke.me@gmail.com> | 2021-02-19 21:45:12 +0300 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2021-04-14 22:06:08 +0300 |
commit | ed6c9e0b6668a05d62f5d1b75aecaf246ba51042 (patch) | |
tree | e8e4fe47b24fe1c25fb3dffb79d25276864dd4a9 /include/image.h | |
parent | 4c17e5f69170bf033df7b4f1a2b87fa72f18aaf5 (diff) | |
download | u-boot-ed6c9e0b6668a05d62f5d1b75aecaf246ba51042.tar.xz |
lib: Add support for ECDSA image signing
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.
Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'include/image.h')
-rw-r--r-- | include/image.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/image.h b/include/image.h index 375fb46bf9..f172b1224d 100644 --- a/include/image.h +++ b/include/image.h @@ -1224,16 +1224,19 @@ int calculate_hash(const void *data, int data_len, const char *algo, # if defined(CONFIG_FIT_SIGNATURE) # define IMAGE_ENABLE_SIGN 1 # define IMAGE_ENABLE_VERIFY 1 +# define IMAGE_ENABLE_VERIFY_ECDSA 1 # define FIT_IMAGE_ENABLE_VERIFY 1 # include <openssl/evp.h> # else # define IMAGE_ENABLE_SIGN 0 # define IMAGE_ENABLE_VERIFY 0 +# define IMAGE_ENABLE_VERIFY_ECDSA 0 # define FIT_IMAGE_ENABLE_VERIFY 0 # endif #else # define IMAGE_ENABLE_SIGN 0 # define IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(RSA_VERIFY) +# define IMAGE_ENABLE_VERIFY_ECDSA 0 # define FIT_IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(FIT_SIGNATURE) #endif |