Re: [PATCH] certs: Add support for using elliptic curve keys for signing modules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2021-02-19 at 10:41 -0500, Stefan Berger wrote:
> From: Stefan Berger <stefanb@xxxxxxxxxxxxx>
> 
> This patch adds support for using elliptic curve keys for signing
> modules. It uses a NIST P256 (prime256v1) key if the user chooses an
> elliptic curve key.
> 
> A developer choosing an ECDSA key for signing modules has to manually
> delete the signing key (rm certs/signing_key.*) when falling back to
> an older version of a kernel that only supports RSA key since otherwise
> ECDSA-signed modules will not be usable when that older kernel runs.
> 
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>

Thanks, Stefan!

Tested with this patch applied on top of "[PATCH v8 0/4] Add support
for x509 certs with NIST p256 and p192" and "[PATCH v2 0/5] ima: kernel
build support for loading the kernel module" patch sets.

Tested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux