GPG digest algo and ECC keys
Running PureBoot r19 with Nitrokey containing ECC keys (signing and encryption are brainpoolP384r1 and auth is nistp521) I've stumbled upon some bug preventing me from using it further.
It looks like it's impossible to sign everything in /boot - Pureboot just stops here with an error "Failed to update checksums/sign default config".
I think the problem is in the hardcoded value of digest algorithm in kexec-sign-config script.
Maybe the verification part should use sha2-384 or even longer algo for gpg to verify signatures with such keys.
Something like:
for tries in 1 2 3; do if sha256sum $param_files | gpg \ --digest-algo SHA384 \ --detach-sign \ -a \ > $paramsdir/kexec.sig \ ; then