On Tue, Apr 06, 2021 at 02:53:38PM -0400, Stefan Berger wrote: > This series adds support for ECDSA-signed kernel modules. > > The first patch in this series attempts to address the issue where a > developer created an ECDSA key for signing modules and then falls back > to compiling an older version of the kernel that does not support > ECDSA keys. In this case this patch would delete that ECDSA key if it is > in certs/signing_key.pem and trigger the creation of an RSA key. However, > for this to work this patch would have to be applied to previous versions > of the kernel but would also only work for the developer if he/she used a > stable version of the kernel to which this patch was applied. So whether > this patch actually achieves the wanted effect is not always guaranteed. Just wondering why the key needs to be removed in the fallback. /Jarkko
