Commit graph

4 commits

Author SHA1 Message Date
Simon Glass
c033dc8c0c image: Return destination node for add_verify_data() method
It is useful to know where the verification data was written. Update the
API to return this.

Signed-off-by: Simon Glass <sjg@chromium.org>
2022-01-26 08:50:44 -07:00
Heinrich Schuchardt
3a8b919932 tools: avoid OpenSSL deprecation warnings
Our Gitlab CI buildsystem is set up to treat warnings as errors.
With OpenSSL 3.0 a lot of deprecation warnings occur.

With the patch compatibility with OpenSSL 1.1.1 is declared.
In the long run we should upgrade our code to use the current API.

A -Wdiscarded-qualifiers warning is muted by casting.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-12-26 06:57:20 +01:00
Alexandru Gagniuc
eb22759e2b lib/ecdsa: Use the 'keydir' argument from mkimage if appropriate
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the ECDSA signing path to use the appropriate one.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:23:01 -04:00
Alexandru Gagniuc
ed6c9e0b66 lib: Add support for ECDSA image signing
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14 15:06:08 -04:00