WSL2-Linux-Kernel/certs
Stefan Berger a4aed36ed5 certs: Add support for using elliptic curve keys for signing modules
Add support for using elliptic curve keys for signing modules. It uses
a NIST P384 (secp384r1) key if the user chooses an elliptic curve key
and will have ECDSA support built into the kernel.

Note: A developer choosing an ECDSA key for signing modules should still
delete the signing key (rm certs/signing_key.*) when building an older
version of a kernel that only supports RSA keys. Unless kbuild automati-
cally detects and generates a new kernel module key, ECDSA-signed kernel
modules will fail signature verification.

Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2021-08-23 19:55:42 +03:00
..
.gitignore .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
Kconfig certs: Add support for using elliptic curve keys for signing modules 2021-08-23 19:55:42 +03:00
Makefile certs: Add support for using elliptic curve keys for signing modules 2021-08-23 19:55:42 +03:00
blacklist.c certs: Add ability to preload revocation certs 2021-03-11 16:33:49 +00:00
blacklist.h certs: Add EFI_CERT_X509_GUID support for dbx entries 2021-03-11 16:31:28 +00:00
blacklist_hashes.c
blacklist_nohashes.c
common.c certs: Move load_system_certificate_list to a common function 2021-03-11 16:32:38 +00:00
common.h certs: Move load_system_certificate_list to a common function 2021-03-11 16:32:38 +00:00
revocation_certificates.S certs: Add ability to preload revocation certs 2021-03-11 16:33:49 +00:00
system_certificates.S ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies 2021-04-26 21:54:23 -04:00
system_keyring.c integrity-v5.13 2021-05-01 15:32:18 -07:00