module: enable automatic module signing with FIPS 202 SHA-3

Add Kconfig options to use SHA-3 for kernel module signing. 256 size for RSA only, and higher sizes for RSA and NIST P-384. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Dimitri John Ledkov <dimitri.ledkov@canonical.com> 2023-10-22 19:22:07 +0100
committer: Herbert Xu <herbert@gondor.apana.org.au> 2023-10-27 18:04:30 +0800
commit: 446b1e0b7b39e2bf2187c58ba2a1cc60fb01de8b (patch)
tree: 6ff601d59b32426b47d7927d3498998b8809311c /certs
parent: fdb4f66c9545f29742be5a8d325798e6016c3c4e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/certs/Kconfig b/certs/Kconfig
index 84582de66b7d..69d192a32dda 100644
--- a/certs/Kconfig
+++ b/certs/Kconfig
@@ -30,7 +30,7 @@ config MODULE_SIG_KEY_TYPE_RSA
 config MODULE_SIG_KEY_TYPE_ECDSA
 	bool "ECDSA"
 	select CRYPTO_ECDSA
-	depends on MODULE_SIG_SHA384 || MODULE_SIG_SHA512
+	depends on !(MODULE_SIG_SHA256 || MODULE_SIG_SHA3_256)
 	help
 	 Use an elliptic curve key (NIST P384) for module signing. Use
 	 a strong hash of same or higher bit length, i.e. sha384 or
author	Dimitri John Ledkov <dimitri.ledkov@canonical.com>	2023-10-22 19:22:07 +0100
committer	Herbert Xu <herbert@gondor.apana.org.au>	2023-10-27 18:04:30 +0800
commit	446b1e0b7b39e2bf2187c58ba2a1cc60fb01de8b (patch)
tree	6ff601d59b32426b47d7927d3498998b8809311c /certs
parent	fdb4f66c9545f29742be5a8d325798e6016c3c4e (diff)