Hello, I'm a current intern at Microsoft, and one of my priorities is to enable ECDSA for U-Boot image signing/verification. Simon mentioned someone is already working on ECC, it would be great to get synced up with related progress. For signing, I will likely replicate the existing approach of using the openssl library. I'm aware that signing happens on a host machine and verification happens during boot, which implies verification should have a custom implementation to avoid the openssl overhead in the U-Boot binary. My thoughts are to copy an ECC verification implementation from a well-tested widely-used open source project. I was wondering, is U-Boot's current RSA verification copied from another project? If so, how are security patches between the two copies of code usually handled? I'm thinking of deriving from the ECDSA implementation currently in the Linux kernel, though I'd also appreciate suggestions if there's a better/more widely tested & used implementation.
All the best, Tim
