TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 206b91485232ccca9b5dbb9e86671c1405d9eed1^! / . / docs
commit206b91485232ccca9b5dbb9e86671c1405d9eed1[log] [tgz]
authorRoland Mikhel <roland.mikhel@arm.com>Thu Feb 23 15:28:52 2023 +0100
committerDávid Vincze <david.vincze@arm.com>Tue Apr 11 07:05:38 2023 +0200
tree1057a7ca895007dd010aa859da653e9538192e1d
parenta97f009d209deb20278a7e12234364bad02533f6 [diff]
bootutil: Remove P224 curve

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I49fad7ede202de4e3c710bf4aa1df195a310b037

diff --git a/docs/design.md b/docs/design.md
index d1b7038..7a192cd 100755
--- a/docs/design.md
+++ b/docs/design.md

@@ -3,7 +3,7 @@
 
   - Copyright (c) 2017-2020 Linaro LTD
   - Copyright (c) 2017-2019 JUUL Labs
-  - Copyright (c) 2019-2021 Arm Limited
+  - Copyright (c) 2019-2023 Arm Limited
 
   - Original license:
 
@@ -107,7 +107,7 @@
 #define IMAGE_TLV_KEYHASH           0x01   /* hash of the public key */
 #define IMAGE_TLV_SHA256            0x10   /* SHA256 of image hdr and body */
 #define IMAGE_TLV_RSA2048_PSS       0x20   /* RSA2048 of hash output */
-#define IMAGE_TLV_ECDSA224          0x21   /* ECDSA of hash output */
+#define IMAGE_TLV_ECDSA224          0x21   /* ECDSA of hash output - Not supported anymore */
 #define IMAGE_TLV_ECDSA256          0x22   /* ECDSA of hash output */
 #define IMAGE_TLV_RSA3072_PSS       0x23   /* RSA3072 of hash output */
 #define IMAGE_TLV_ED25519           0x24   /* ED25519 of hash output */

diff --git a/docs/ecdsa.md b/docs/ecdsa.md
index 50ca961..d3a5a25 100644
--- a/docs/ecdsa.md
+++ b/docs/ecdsa.md

@@ -5,10 +5,6 @@
 always a fixed length. Unfortunately, this padding was done in a way
 that is not easily reversible. Some crypto libraries (specifically, Mbed
 TLS) are fairly strict about the formatting of the ECDSA signature.
-This currently means that the ECDSA SECP224R1 (EC) signature
-checking code will fail to boot about 1 out of every 256 images,
-because the signature itself will end in a 0x00 byte, and the code
-will remove too much data, invalidating the signature.
 
 There are two ways to fix this:
 

diff --git a/docs/signed_images.md b/docs/signed_images.md
index c1edcfb..bcc201b 100644
--- a/docs/signed_images.md
+++ b/docs/signed_images.md

@@ -53,12 +53,7 @@
 
 Now the public key is in file called image_sign_pub.der.
 
-For ECDSA224 these commands are similar.
-
-openssl ecparam -name secp224r1 -genkey -noout -out image_sign.pem
-openssl ec -in image_sign.pem -pubout -outform DER -out image_sign_pub.der
-
-And then the ECDSA256.
+For ECDSA256 these commands are similar.
 openssl ecparam -name prime256v1 -genkey -noout -out image_sign.pem
 openssl ec -in image_sign.pem -pubout -outform DER -out image_sign_pub.der
 
@@ -102,5 +97,4 @@
 After you've created the key package, you must include it in the build
 for bootloader. So modify the pkg.yml for apps/boot to include it.
 
-The syscfg variable to enable ECDSA224 is BOOTUTIL_SIGN_EC, and
-BOOTUTIL_SIGN_EC256 for ECDS256.
+The syscfg variable to enable ECDSA256 is BOOTUTIL_SIGN_EC256.