mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-28 21:33:52 +00:00
c1d760a471
It is possible to stand up own certificates and sign PE-COFF binaries using SHA-224. However it never became popular or needed since it has similar costs as SHA-256. Windows Authenticode infrastructure never had support for SHA-224, and all secureboot keys used fro linux vmlinuz have always been using at least SHA-256. Given the point of mscode_parser is to support interoperatiblity with typical de-facto hashes, remove support for SHA-224 to avoid posibility of creating interoperatibility issues with rhboot/shim, grub, and non-linux systems trying to sign or verify vmlinux. SHA-224 itself is not removed from the kernel, as it is truncated SHA-256. If requested I can write patches to remove SHA-224 support across all of the drivers. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
||
---|---|---|
.. | ||
asymmetric_keys.h | ||
asymmetric_type.c | ||
Kconfig | ||
Makefile | ||
mscode.asn1 | ||
mscode_parser.c | ||
pkcs7.asn1 | ||
pkcs7_key_type.c | ||
pkcs7_parser.c | ||
pkcs7_parser.h | ||
pkcs7_trust.c | ||
pkcs7_verify.c | ||
pkcs8.asn1 | ||
pkcs8_parser.c | ||
public_key.c | ||
restrict.c | ||
selftest.c | ||
signature.c | ||
verify_pefile.c | ||
verify_pefile.h | ||
x509.asn1 | ||
x509_akid.asn1 | ||
x509_cert_parser.c | ||
x509_loader.c | ||
x509_parser.h | ||
x509_public_key.c |