From 34507ba5b24ff9893682185bc1caed76f1fc14a0 Mon Sep 17 00:00:00 2001
From: Victor Bessonov
Date: Fri, 22 Jul 2022 10:17:23 +0300
Subject: [PATCH] Allow gpg to select digest algo EC signatures requre that the digest has the corresponding length. Removing the hardcoded sha2-256 hash function and adding support of sha2-384 and sha2-512 should allow using EC crypto.
---
 config/linux-librem_common.config | 3 ++-
 initrd/bin/kexec-sign-config | 1 -
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/linux-librem_common.config b/config/linux-librem_common.config
index 19b55b11f..4a6167320 100644
--- a/config/linux-librem_common.config
+++ b/config/linux-librem_common.config
@@ -230,7 +230,8 @@ CONFIG_CRYPTO_RMD160=m
 CONFIG_CRYPTO_RMD256=m
 CONFIG_CRYPTO_RMD320=m
 CONFIG_CRYPTO_SHA1_SSSE3=y
-CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA256_SSSE3=y
+CONFIG_CRYPTO_SHA512_SSSE3=y
 CONFIG_CRYPTO_TGR192=m
 CONFIG_CRYPTO_WP512=m
 CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m
diff --git a/initrd/bin/kexec-sign-config b/initrd/bin/kexec-sign-config
index e5206ef7d..cb69ef52a 100755
--- a/initrd/bin/kexec-sign-config
+++ b/initrd/bin/kexec-sign-config
@@ -67,7 +67,6 @@ fi
 for tries in 1 2 3; do
 if sha256sum $param_files | gpg \
- --digest-algo SHA256 \
 --detach-sign \
 -a \
 > $paramsdir/kexec.sig \
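Review bot: Dropping the explicit `CONFIG_CRYPTO_SHA256=y` leaves the generic SHA-256 implementation enabled only indirectly, through whatever the new `CONFIG_CRYPTO_SHA256_SSSE3=y` selects in Kconfig. I would keep `CONFIG_CRYPTO_SHA256=y` next to the two SSSE3 lines so the built-in digest this board config relied on stays pinned across kernel versions. The commit message is about gpg's digest choice, and this hunk does not show how in-kernel hash options affect a userspace gpg signature, so the description should say why they are needed, or the kernel change should move to its own commit. Only the librem common config is touched; whether other board configs need the same options is outside this diff.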
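Review bot: With `--digest-algo SHA256` removed and nothing put in its place, the digest used for `kexec.sig` becomes whatever the gpg build in the initrd and any gpg.conf in its home directory default to, so the signing path no longer sets a floor on hash strength. To keep EC keys working while making the choice explicit, replace the removed line with `--personal-digest-preferences "SHA512 SHA384 SHA256" \`, which lets gpg take the first listed digest that fits the key. The verification side is not part of this diff; it is worth confirming there that a signature made over a weaker digest is rejected. The `for`/`if` block continues past the end of the hunk.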