Skip to content

GitLab

Switch branch/tag
History Find file
Clone
certs: Trigger creation of RSA module signing key if it's not an RSA key
Stefan Berger authored 
[ Upstream commit ea35e0d5 ]

Address a kbuild issue where a developer created an ECDSA key for signing
kernel modules and then builds an older version of the kernel, when bi-
secting the kernel for example, that does not support ECDSA keys.

If openssl is installed, trigger the creation of an RSA module signing
key if it is not an RSA key.

Fixes: cfc411e7

 ("Move certificate handling to its own directory")
Cc: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: default avatarStefan Berger <stefanb@linux.ibm.com>
Reviewed-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
Tested-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
013177cc
Name Last commit Last update
..
.gitignore certs: add .gitignore to stop git nagging about x509_certificate_list
Kconfig certs: Add EFI_CERT_X509_GUID support for dbx entries
Makefile certs: Trigger creation of RSA module signing key if it's not an RSA key
blacklist.c certs: Add EFI_CERT_X509_GUID support for dbx entries
blacklist.h certs: Add EFI_CERT_X509_GUID support for dbx entries
blacklist_hashes.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license
blacklist_nohashes.c certs/blacklist_nohashes.c: fix const confusion in certs blacklist
common.c certs: Move load_system_certificate_list to a common function
common.h certs: Move load_system_certificate_list to a common function
system_certificates.S export.h: remove VMLINUX_SYMBOL() and VMLINUX_SYMBOL_STR()
system_keyring.c certs: Move load_system_certificate_list to a common function