mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-28 21:33:52 +00:00
c1d760a471
It is possible to stand up own certificates and sign PE-COFF binaries using SHA-224. However it never became popular or needed since it has similar costs as SHA-256. Windows Authenticode infrastructure never had support for SHA-224, and all secureboot keys used fro linux vmlinuz have always been using at least SHA-256. Given the point of mscode_parser is to support interoperatiblity with typical de-facto hashes, remove support for SHA-224 to avoid posibility of creating interoperatibility issues with rhboot/shim, grub, and non-linux systems trying to sign or verify vmlinux. SHA-224 itself is not removed from the kernel, as it is truncated SHA-256. If requested I can write patches to remove SHA-224 support across all of the drivers. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
||
|---|---|---|
| .. | ||
| asymmetric_keys.h | ||
| asymmetric_type.c | ||
| Kconfig | ||
| Makefile | ||
| mscode.asn1 | ||
| mscode_parser.c | ||
| pkcs7.asn1 | ||
| pkcs7_key_type.c | ||
| pkcs7_parser.c | ||
| pkcs7_parser.h | ||
| pkcs7_trust.c | ||
| pkcs7_verify.c | ||
| pkcs8.asn1 | ||
| pkcs8_parser.c | ||
| public_key.c | ||
| restrict.c | ||
| selftest.c | ||
| signature.c | ||
| verify_pefile.c | ||
| verify_pefile.h | ||
| x509.asn1 | ||
| x509_akid.asn1 | ||
| x509_cert_parser.c | ||
| x509_loader.c | ||
| x509_parser.h | ||
| x509_public_key.c | ||