acrn-kernel/certs
Stefan Berger a4aed36ed5 certs: Add support for using elliptic curve keys for signing modules
Add support for using elliptic curve keys for signing modules. It uses
a NIST P384 (secp384r1) key if the user chooses an elliptic curve key
and will have ECDSA support built into the kernel.

Note: A developer choosing an ECDSA key for signing modules should still
delete the signing key (rm certs/signing_key.*) when building an older
version of a kernel that only supports RSA keys. Unless kbuild automati-
cally detects and generates a new kernel module key, ECDSA-signed kernel
modules will fail signature verification.

Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2021-08-23 19:55:42 +03:00
..
.gitignore .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
Kconfig certs: Add support for using elliptic curve keys for signing modules 2021-08-23 19:55:42 +03:00
Makefile certs: Add support for using elliptic curve keys for signing modules 2021-08-23 19:55:42 +03:00
blacklist.c
blacklist.h
blacklist_hashes.c
blacklist_nohashes.c
common.c
common.h
revocation_certificates.S
system_certificates.S ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies 2021-04-26 21:54:23 -04:00
system_keyring.c integrity-v5.13 2021-05-01 15:32:18 -07:00