projects / linux-2.6-microblaze.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ea35e0d) | patch
certs: Add support for using elliptic curve keys for signing modules
authorStefan Berger <stefanb@linux.ibm.com>
Tue, 29 Jun 2021 21:34:21 +0000 (17:34 -0400)
committerJarkko Sakkinen <jarkko@kernel.org>
Mon, 23 Aug 2021 16:55:42 +0000 (19:55 +0300)
commita4aed36ed5924a05ecfadc470584188bfba2b928
treefa716ef69d3f3ff29aeae2019b6c74164eac5557tree | snapshot
parentea35e0d5df6c92fa2e124bb1b91d09b2240715bacommit | diff
certs: Add support for using elliptic curve keys for signing modules

Add support for using elliptic curve keys for signing modules. It uses
a NIST P384 (secp384r1) key if the user chooses an elliptic curve key
and will have ECDSA support built into the kernel.

Note: A developer choosing an ECDSA key for signing modules should still
delete the signing key (rm certs/signing_key.*) when building an older
version of a kernel that only supports RSA keys. Unless kbuild automati-
cally detects and generates a new kernel module key, ECDSA-signed kernel
modules will fail signature verification.

Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
certs/Kconfig diff | blob | history
certs/Makefile diff | blob | history
crypto/asymmetric_keys/pkcs7_parser.c diff | blob | history
MicroBlaze GIT Repository