certs: Add support for using elliptic curve keys for signing modules - linux - Linux Kernel (branches are rebased on master from time to time)

diff options

author	Stefan Berger <stefanb@linux.ibm.com>	2021-06-29 17:34:21 -0400
committer	Jarkko Sakkinen <jarkko@kernel.org>	2021-08-23 19:55:42 +0300
commit	a4aed36ed5924a05ecfadc470584188bfba2b928 (patch)
tree	fa716ef69d3f3ff29aeae2019b6c74164eac5557 /tools/scripts
parent	ea35e0d5df6c92fa2e124bb1b91d09b2240715ba (diff)
download	linux-a4aed36ed5924a05ecfadc470584188bfba2b928.tar.bz2

certs: Add support for using elliptic curve keys for signing modules

Add support for using elliptic curve keys for signing modules. It uses a NIST P384 (secp384r1) key if the user chooses an elliptic curve key and will have ECDSA support built into the kernel. Note: A developer choosing an ECDSA key for signing modules should still delete the signing key (rm certs/signing_key.*) when building an older version of a kernel that only supports RSA keys. Unless kbuild automati- cally detects and generates a new kernel module key, ECDSA-signed kernel modules will fail signature verification. Cc: David Howells <dhowells@redhat.com> Cc: David Woodhouse <dwmw2@infradead.org> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

Diffstat (limited to 'tools/scripts')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: