tpmdd updates for Linux v5.14-rc1
certs: Add support for using elliptic curve keys for signing modules
Add support for using elliptic curve keys for signing modules. It uses
a NIST P384 (secp384r1) key if the user chooses an elliptic curve key
and will have ECDSA support built into the kernel.
Note: A developer choosing an ECDSA key for signing modules should still
delete the signing key (rm certs/signing_key.*) when building an older
version of a kernel that only supports RSA keys. Unless kbuild automati-
cally detects and generates a new kernel module key, ECDSA-signed kernel
modules will fail signature verification.
Signed-off-by: Stefan Berger <email@example.com>
Cc: David Howells <firstname.lastname@example.org>
Cc: David Woodhouse <email@example.com>
Reviewed-by: Jarkko Sakkinen <firstname.lastname@example.org>
Signed-off-by: Jarkko Sakkinen <email@example.com>
3 files changed