On Fri, Jun 25, 2021 at 02:06:52PM +0200, Jean Delvare wrote:
Is there a specific reason why you set CRYPTO_ECDSA=y in the kernel
config, instead of making it a module? I think we want do make things
modular whenever possible so that the base kernel isn't too heavy to
Secure boot signing keys and CAs can be in ECDSA form.
IBM zSeries z15 loads ECDSA signing keys during boot, and crashes
if its not builtin.