25 Jun
2021
25 Jun
'21
12:12
On Fri, Jun 25, 2021 at 02:06:52PM +0200, Jean Delvare wrote:
Hi Michal,
Is there a specific reason why you set CRYPTO_ECDSA=y in the kernel config, instead of making it a module? I think we want do make things modular whenever possible so that the base kernel isn't too heavy to load?
Secure boot signing keys and CAs can be in ECDSA form. IBM zSeries z15 loads ECDSA signing keys during boot, and crashes if its not builtin. Ciao, Marcus