On Fri, 2021-02-19 at 10:41 -0500, Stefan Berger wrote: > From: Stefan Berger <stefanb@xxxxxxxxxxxxx> > > This patch adds support for using elliptic curve keys for signing > modules. It uses a NIST P256 (prime256v1) key if the user chooses an > elliptic curve key. > > A developer choosing an ECDSA key for signing modules has to manually > delete the signing key (rm certs/signing_key.*) when falling back to > an older version of a kernel that only supports RSA key since otherwise > ECDSA-signed modules will not be usable when that older kernel runs. > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> Thanks, Stefan! Tested with this patch applied on top of "[PATCH v8 0/4] Add support for x509 certs with NIST p256 and p192" and "[PATCH v2 0/5] ima: kernel build support for loading the kernel module" patch sets. Tested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
