test_ukify: use sha384 in the signing tests
On Fedora, with crypto policy TEST-FEDORA41, sha1 is not allowed:
$ SYSTEMD_LOG_LEVEL=debug build/systemd-measure sign
--linux=/lib/modules/6.9.7-200.fc40.x86_64/vmlinuz
--osrel=/tmp/tmp.osrelbl2sr77f
--cmdline=/tmp/tmp.cmdlineouc7hqtj
--uname=/tmp/tmp.unamecbjgesty
--pcrpkey=/tmp/tmpufiadu8l
--initrd=/boot/
3a9d668b4db749398a4a5e78a03bffa5/6.9.7-200.fc40.x86_64/initrd
--sbat=/tmp/tmp.sbataz9arpy0
--private-key=/tmp/tmppyf0gx6w
--public-key=/tmp/tmpufiadu8l
--bank=sha1
Measuring boot phases: enter-initrd, enter-initrd:leave-initrd, enter-initrd:leave-initrd:sysinit, enter-initrd:leave-initrd:sysinit:ready
Loaded 'libtss2-esys.so.0' via dlopen()
Loaded 'libtss2-rc.so.0' via dlopen()
Loaded 'libtss2-mu.so.0' via dlopen()
PolicyPCR calculated digest:
cec1a2ccb188ddd171a2be7bfa6b31cb9148776647354eb1069e0f891ed2dbe7
Failed to initialize signature context: error:
03000098:digital envelope routines::invalid digest
Failed to sign PCR policy: Input/output error
projects / systemd / .git / commit