Re: [PATCH v4 2/2] certs: Add support for using elliptic curve keys for... | linux-integrity

[PATCH v4 0/2] Add support for ECDSA-signed kernel modules · Stefan Berger <stefanb@linux.ibm.com> · 2021-04-23
[PATCH v4 2/2] certs: Add support for using elliptic curve keys for signing modules · Stefan Berger <stefanb@linux.ibm.com> · 2021-04-23
Re: [PATCH v4 2/2] certs: Add support for using elliptic curve keys for signing modules · Mimi Zohar <zohar@linux.ibm.com> · 2021-05-31
[PATCH v4 1/2] certs: Trigger creation of RSA module signing key if it's not an RSA key · Stefan Berger <stefanb@linux.ibm.com> · 2021-04-23
Re: [PATCH v4 1/2] certs: Trigger creation of RSA module signing key if it's not an RSA key · Mimi Zohar <zohar@linux.ibm.com> · 2021-05-31
Re: [PATCH v4 0/2] Add support for ECDSA-signed kernel modules · Jarkko Sakkinen <jarkko@kernel.org> · 2021-04-27

Re: [PATCH v4 2/2] certs: Add support for using elliptic curve keys for signing modules

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2021-05-31 17:04:24
Also in: keyrings, linux-security-module, lkml

On Fri, 2021-04-23 at 11:12 -0400, Stefan Berger wrote:

Add support for using elliptic curve keys for signing modules. It uses
a NIST P384 (secp384r1) key if the user chooses an elliptic curve key
and will have ECDSA support built into the kernel.

Note: A developer choosing an ECDSA key for signing modules should still
delete the signing key (rm certs/signing_key.*) when building an older
version of a kernel that only supports RSA keys. Unless kbuild automati-
cally detects and generates a new kernel module key, ECDSA-signed kernel
modules will fail signature verification.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

Tested-by: Mimi Zohar <zohar@linux.ibm.com>

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help