On Wed, 11 Feb 2026 13:29:28 +1000
alistair23@gmail.com wrote:
> From: Alistair Francis <alistair.francis@wdc.com>
>
> Work is ongoing to support PCIe device attestation and authentication.
> As part of this probing a PCIe device will require signing via
> the SPDM protocol to the kernel.
>
> Linux should verify the device before enabling the device, which means we
> need the crypto functions to be ready before arch initilisation (where PCIe
> init happens). Move the crypto init to postcore to
> ensure it's loaded before PCIe devices.
>
> This allows us to verify the certificate chain provided by a PCIe device
> via SPDM before we enable it.
>
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Whilst others may disagree, I think it still makes sense to check
signatures against the provided public leaf cert even if we aren't
checking the cert chain in kernel. That will need this.
Reviewed-by: Jonathan Cameron <jonathan.cameron@huawei.com>
> ---
> crypto/ecdsa.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
> index ce8e4364842f..b225911c5266 100644
> --- a/crypto/ecdsa.c
> +++ b/crypto/ecdsa.c
> @@ -334,7 +334,7 @@ static void __exit ecdsa_exit(void)
> crypto_unregister_sig(&ecdsa_nist_p521);
> }
>
> -module_init(ecdsa_init);
> +postcore_initcall(ecdsa_init);
> module_exit(ecdsa_exit);
>
> MODULE_LICENSE("GPL");