Lines Matching +full:sha +full:- +full:1
2 ------------------------------
6 .. - Overview.
7 .. - Configuring module signing.
8 .. - Generating signing keys.
9 .. - Public keys in the kernel.
10 .. - Manually signing modules.
11 .. - Signed modules and stripping.
12 .. - Loading signed modules.
13 .. - Non-valid signatures and unsigned modules.
14 .. - Administering/protecting the private key.
29 This facility uses X.509 ITU-T standard certificates to encode the public keys
33 hash algorithms that can be used are SHA-1, SHA-224, SHA-256, SHA-384, and
34 SHA-512 (the algorithm is selected by data in the signature).
49 (1) :menuselection:`Require modules to be validly signed`
75 scripts/sign-file
84 ``CONFIG_MODULE_SIG_SHA1`` :menuselection:`Sign modules with SHA-1`
85 ``CONFIG_MODULE_SIG_SHA224`` :menuselection:`Sign modules with SHA-224`
86 ``CONFIG_MODULE_SIG_SHA256`` :menuselection:`Sign modules with SHA-256`
87 ``CONFIG_MODULE_SIG_SHA384`` :menuselection:`Sign modules with SHA-384`
88 ``CONFIG_MODULE_SIG_SHA512`` :menuselection:`Sign modules with SHA-512`
116 This option can be set to the filename of a PEM-encoded file containing
169 openssl req -new -nodes -utf8 -sha256 -days 36500 -batch -x509 \
170 -config x509.genkey -outform PEM -out kernel_key.pem \
171 -keyout kernel_key.pem
187 223c7853 I------ 1 perm 1f030000 0 0 keyring .builtin_trusted_keys: 1
188 …302d2d52 I------ 1 perm 1f010000 0 0 asymmetri Fedora kernel signing key: d69a84e6bce3…
192 trusted certificates can be provided in a PEM-encoded file referenced by the
200 keyctl padd asymmetric "" [.builtin_trusted_keys-ID] <[key-file]
215 To manually sign a module, use the scripts/sign-file tool available in
218 1. The hash algorithm (e.g., sha256)
225 scripts/sign-file sha512 kernel-signkey.priv \
226 kernel-signkey.x509 module.ko
260 Non-valid signatures and unsigned modules
263 If ``CONFIG_MODULE_SIG_FORCE`` is enabled or module.sig_enforce=1 is supplied on