qiurui
/
Centos-kernel-stream-9
mirror of https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Centos-kernel-stream-9/certs
History
Herbert Xu b6b367ab5e certs: Add support for using elliptic curve keys for signing modules 
JIRA: https://issues.redhat.com/browse/RHEL-81929

commit a4aed36ed5924a05ecfadc470584188bfba2b928
Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Tue Jun 29 17:34:21 2021 -0400

    certs: Add support for using elliptic curve keys for signing modules

    Add support for using elliptic curve keys for signing modules. It uses
    a NIST P384 (secp384r1) key if the user chooses an elliptic curve key
    and will have ECDSA support built into the kernel.

    Note: A developer choosing an ECDSA key for signing modules should still
    delete the signing key (rm certs/signing_key.*) when building an older
    version of a kernel that only supports RSA keys. Unless kbuild automati-
    cally detects and generates a new kernel module key, ECDSA-signed kernel
    modules will fail signature verification.

    Cc: David Howells <dhowells@redhat.com>
    Cc: David Woodhouse <dwmw2@infradead.org>
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
    Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
    Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
    Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

Signed-off-by: Herbert Xu <herbert.xu@redhat.com>
 		2025-03-05 22:29:46 +08:00
..
.gitignore .gitignore: prefix local generated files with a slash 2021-05-02 00:43:35 +09:00
Kconfig certs: Add support for using elliptic curve keys for signing modules 2025-03-05 22:29:46 +08:00
Makefile certs: Add support for using elliptic curve keys for signing modules 2025-03-05 22:29:46 +08:00
blacklist.c certs: Move load_certificate_list() to be with the asymmetric keys code 2022-06-23 11:32:02 +01:00
blacklist.h certs: Add EFI_CERT_X509_GUID support for dbx entries 2021-03-11 16:31:28 +00:00
blacklist_hashes.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
blacklist_nohashes.c certs/blacklist_nohashes.c: fix const confusion in certs blacklist 2018-02-21 15:35:43 -08:00
revocation_certificates.S certs: Add ability to preload revocation certs 2021-03-11 16:33:49 +00:00
system_certificates.S ima: ensure IMA_APPRAISE_MODSIG has necessary dependencies 2021-04-26 21:54:23 -04:00
system_keyring.c integrity: PowerVM support for loading third party code signing keys 2024-02-05 19:05:32 +08:00