Dimitri John Ledkov d4f5bfe20d certs: Limit MODULE_SIG_KEY_TYPE_ECDSA to SHA384 or SHA512 ...

NIST FIPS 186-5 states that it is recommended that the security
strength associated with the bit length of n and the security strength
of the hash function be the same, or higher upon agreement. Given NIST
P384 curve is used, force using either SHA384 or SHA512.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

2023-10-20 13:39:26 +08:00

..

.gitignore

certs: fix and refactor CONFIG_SYSTEM_BLACKLIST_HASH_LIST build

2022-06-15 21:52:32 +03:00

blacklist_hashes.c

certs: unify blacklist_hashes.c and blacklist_nohashes.c

2022-07-27 21:17:59 +09:00

blacklist.c

certs: don't try to update blacklist keys

2023-02-13 10:11:20 +02:00

blacklist.h

certs: Add EFI_CERT_X509_GUID support for dbx entries

2021-03-11 16:31:28 +00:00

check-blacklist-hashes.awk

certs: move scripts/check-blacklist-hashes.awk to certs/

2022-07-27 21:17:59 +09:00

default_x509.genkey

certs: check-in the default x509 config file

2021-12-11 22:09:14 +09:00

extract-cert.c

kbuild: do not print extra logs for V=2

2023-01-22 23:43:32 +09:00

Kconfig

certs: Limit MODULE_SIG_KEY_TYPE_ECDSA to SHA384 or SHA512

2023-10-20 13:39:26 +08:00

Makefile

certs: Fix build error when PKCS#11 URI contains semicolon

2023-01-31 17:53:01 +09:00

revocation_certificates.S

certs: Add ability to preload revocation certs

2021-03-11 16:33:49 +00:00

system_certificates.S

certs: include certs/signing_key.x509 unconditionally

2022-03-03 08:16:19 +09:00

system_keyring.c

certs: Reference revocation list for all keyrings

2023-08-17 20:12:41 +00:00