Several sources including NSA has made recommendations for use of ECC (Elliptic Curve Cryptography) based signing and verification of certs using ECDSA moving forward.
The way we interpret the NXP SEC manuals is that ECC is not completely HW assisted. That is, there is not a dedicated engine to do ECC based calculations.
1) Does the LS1043A support ECC with full HW acceleration?
2) If not, then we need to get more details from NXP on how ECC is supported and how it can be used, particularly with CST?
3) ECC is never mentioned in the Secure Boot Documents, but LS1043A SOC has a SEC module which supports ECC and it is certified by NIST. ECC support for Secure Boot is dependent on the PBL (Preboot loader) and U-Boot, so if PBL does not support ECC, is it the case that the entire chain of trust will not support ECC also?
4) Does CST support Elliptical Cure Cryptography (ECC)?
5) We tried to use the ECC option on CST, but it failed. The CST does not support an ECC option, or how should the CST arguments appear for ECC to get the ECC option to work on CST?