Using ECDSA-P256 (and ED25519) signature in mcuboot

mastupristi
Senior Contributor I

Hi,

I'm trying the mcuboot_opensource and ota_mcuboot_basic examples.

The example uses rsa2048 out-of-the-box and works well.

Since an ECDSA key pair is also provided (files bootutil/nxp_port/keys/sign-ecdsa-p256-*), I would like to try this type of signature.

I have replaced 

#define CONFIG_BOOT_SIGNATURE_TYPE_RSA
#define CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN 2048


with

#define CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256


then I have signed the ota_mcuboot_basic binary:

python3 imgtool.py sign \
	--key evkmimxrt1020_mcuboot_opensource_v2.2.0/bootutil/nxp_port/keys/sign-ecdsa-p256-priv.pem \
	--align 4 \
	--header-size 0x400 \
	--pad-header \
	--slot-size 0x100000 \
	--max-sectors 800 \
	--version "1.1" \
	evkmimxrt1020_ota_mcuboot_basic.bin \
	evkmimxrt1020_ota_mcuboot_basic_signed_ecdsap256.bin

 

But it doesn't work.

Which steps do I need to take to make it work?

The further test for me is to use ed25519, which is not provided out-of-the-box in the examples. Could you list the steps to make it work as well?

regards

Max

diego_charles
NXP TechSupport

Hi @mastupristi 

Which MCU are you using?  I want to test with you on the same platform.

Have you updated the MCUBoot to contain the public ECDSA_P256 key? 

Diego

mastupristi
Senior Contributor I

Hi @diego_charles 

 

Which MCU are you using?

RT1021. I'm testing on MIMXRT1020-EVK

 

Have you updated the MCUBoot to contain the public ECDSA_P256 key?

Yes, this is done automatically by the example.

In source/mcux_config.h I have substituted #define CONFIG_BOOT_ENCRYPT_RSA with #define CONFIG_BOOT_ENCRYPT_ECDSA_P256
In file source/sblconfig.h I have substituted

#define CONFIG_BOOT_SIGNATURE_TYPE_RSA
#define CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN 2048

with

#define CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256

 

In file bootutil/nxp_port/keys.c the correct key file should be selected based on the definitions:

#if defined(MCUBOOT_SIGN_RSA)
#include "sign-rsa2048-pub.c"
#elif defined(MCUBOOT_SIGN_EC256)
#include "sign-ecdsa-p256-pub.c"
#else
#error "No public key available for given signing algorithm."
#endif

 

best regards

Max

0 项奖励
回复
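Added example (not part of the thread, and not NXP or MCUboot project code): a check of which signature TLV a file produced by the imgtool sign step actually carries, and whether its key hash matches the public key selected in keys.c. The magic numbers and TLV type values are taken from upstream MCUboot's image format; the function names are hypothetical, the sample image is constructed, and the key hash is assumed to be the SHA-256 of the public key bytes compiled into the bootloader.

```python
import hashlib
import struct

IMAGE_MAGIC = 0x96F3B83D                        # MCUboot image header magic
TLV_INFO_MAGICS = (0x6907, 0x6908)              # unprotected / protected TLV area
SIG_TLVS = {0x20: "RSA2048_PSS", 0x22: "ECDSA_SIG", 0x23: "RSA3072_PSS", 0x24: "ED25519"}
TLV_NAMES = {0x01: "KEYHASH", 0x10: "SHA256", **SIG_TLVS}


def read_tlvs(image: bytes) -> dict:
    """Return {tlv_name: value} for the TLV areas that follow the image payload."""
    magic, _load, hdr_size, _prot, img_size = struct.unpack_from("<IIHHI", image, 0)
    if magic != IMAGE_MAGIC:
        raise ValueError("bad image header magic")
    tlvs, off = {}, hdr_size + img_size
    while off + 4 <= len(image):
        info_magic, total = struct.unpack_from("<HH", image, off)
        if info_magic not in TLV_INFO_MAGICS:
            break                                # reached padding or trailer
        end, pos = off + total, off + 4          # total counts the 4-byte info header
        if total < 4 or end > len(image):
            raise ValueError("corrupt TLV area")
        while pos + 4 <= end:
            tlv_type, length = struct.unpack_from("<HH", image, pos)
            if pos + 4 + length > end:
                raise ValueError("TLV entry overruns its area")
            tlvs[TLV_NAMES.get(tlv_type, hex(tlv_type))] = image[pos + 4:pos + 4 + length]
            pos += 4 + length
        off = end
    return tlvs


def check_image(image: bytes, expected_sig: str, boot_pubkey: bytes) -> list:
    """Compare the image's signature TLV and key hash with the bootloader's setup."""
    tlvs, problems = read_tlvs(image), []
    found = sorted(n for n in tlvs if n in SIG_TLVS.values())
    if expected_sig not in found:
        problems.append(f"signature TLV is {found or 'missing'}, bootloader expects {expected_sig}")
    if tlvs.get("KEYHASH") != hashlib.sha256(boot_pubkey).digest():
        problems.append("KEYHASH does not match the bootloader's public key")
    return problems


def sample_image(sig_type: int, pubkey: bytes) -> bytes:
    """Constructed test input: 0x400-byte header, 16-byte payload, placeholder TLVs."""
    header = struct.pack("<IIHHI", IMAGE_MAGIC, 0, 0x400, 0, 16).ljust(0x400, b"\0")
    entries = [(0x10, bytes(32)), (0x01, hashlib.sha256(pubkey).digest()), (sig_type, bytes(70))]
    body = b"".join(struct.pack("<HH", t, len(v)) + v for t, v in entries)
    return header + bytes(16) + struct.pack("<HH", 0x6907, 4 + len(body)) + body + b"\xff" * 32
```

On a real file, pass the signed .bin contents and the byte array from the public key source file as `boot_pubkey`; an empty list means the signature type and key hash both line up with what the bootloader was built for.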