Aspeed AST2700 SoCs integrates the Caliptra secure IP, where an ECDSA384 signature verification HW interface is exported for SoC crypto needs.
This patch series firstly extends the FIT image signing/verify common code to support the ECDSA384 algorithm. For better convenience, the device tree for ECDSA public key storage is also revised by referring to RSA implementations. After the FIT common code revision, the driver is implemented for AST2700 to leverage the Caliptra ECDSA384 signature verification. These are verified by signed FIT images with the algorithm "sha384,ecdsa384". v2 change: - revise the commit message of padding check removal for better explanation - remove redundant check in static function - revise errno and error message as suggested by Simon - collect Reviewed-by tags Chia-Wei Wang (4): lib: ecdsa: Add ECDSA384 support lib: ecdsa: Create device tree node automatically image-fit-sig: Remove padding check drivers/crypto: aspeed: Add Caliptra ECDSA384 support boot/image-fit-sig.c | 2 +- drivers/crypto/aspeed/Kconfig | 10 ++ drivers/crypto/aspeed/Makefile | 1 + drivers/crypto/aspeed/cptra_ecdsa.c | 184 ++++++++++++++++++++++++++++ include/u-boot/ecdsa.h | 1 + lib/ecdsa/ecdsa-libcrypto.c | 25 ++-- lib/ecdsa/ecdsa-verify.c | 14 ++- tools/image-sig-host.c | 7 ++ 8 files changed, 233 insertions(+), 11 deletions(-) create mode 100644 drivers/crypto/aspeed/cptra_ecdsa.c -- 2.25.1
