Received: by 2002:a05:7412:251c:b0:e2:908c:2ebd with SMTP id w28csp2465752rda; Wed, 25 Oct 2023 03:43:32 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHAEhCzz3CIxd88JiSlrhQplSY55KWevvQhg4J9EjnbOxP/lCtzczPSiclpB9qcJ5p4rEqa X-Received: by 2002:a05:622a:305:b0:410:a073:7538 with SMTP id q5-20020a05622a030500b00410a0737538mr16332536qtw.29.1698230612109; Wed, 25 Oct 2023 03:43:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1698230612; cv=none; d=google.com; s=arc-20160816; b=X77a0PyGoQoivhG4NSCHx1JnSJGl2gDx6ma6/a5IEHsQk09CH8iZ0X/QsQ4nh57BIW q0LtnQDPH0VxHawPhZp3iFcv3RboEqxexAJ9h7+0x39zQEj3HDlbdJZmu8mW6Iv6b90Q pbeBnHE3YwN2n+rJ2suY9OzTkwgI2rWpGOL/Q++Wz4wrNIx64/QOkceDAVTUIPDTOV7g 1GulWEopGCf7nNvf55yLncNnpJJKrX9t2qCOTxOVbYQukAnscdn8stFxCFO5cVKRyAGv R5nXIa3EAF6+LBmFUQDxH6IQpVCS8PuM7UQxl52ZWgF1Der9rcMJRp8AUyJXObMDHcS5 4KUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from :dkim-signature; bh=USY4fw267Go83RxyHyFwK1+6pc6Q77CrkKJFbgSONJU=; fh=vJn9WAFXl6stsyzOQq4M9qZfIFtMWJt2lkSCvsiKtuY=; b=X58tbIEz8NTWViPoTQzSjCC3t9ZsIib7fxScLt+belFsJ/YMs20Ya49ena07Lqa+H/ bBvbMfpBkW4DaitX1yLRn+cL+9shX+4wAx7C24GHxFUfe6aVj9kMSPIjX30UoClKaJj+ Aa1MDrgGPs/XP8xs/OSqL8evR0zJhLLfX4aW+bho9LOPPsVFt/l8EmnxCQL/4pjFfSU7 +oIYXFELPldFdWEAWxmfsihzlLIQAVuFDDnQczdSoq/McA72aqqHZnWHFQTkBiBAz2xK p/7JLCpTNKNwZBvG+fFqBbaM1z+t1+Mwd8fXqDG+J98T0qt9RPOXv9IKgNbeTRLICHW6 jzbQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=ShlEeboA; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from pete.vger.email (pete.vger.email. [2620:137:e000::3:6]) by mx.google.com with ESMTPS id i4-20020a81d504000000b0059c2412e526si10882091ywj.468.2023.10.25.03.43.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 03:43:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) client-ip=2620:137:e000::3:6; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=ShlEeboA; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::3:6 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id B47D48027A69; Wed, 25 Oct 2023 03:43:24 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234917AbjJYKnX (ORCPT + 99 others); Wed, 25 Oct 2023 06:43:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33024 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1343522AbjJYKmy (ORCPT ); Wed, 25 Oct 2023 06:42:54 -0400 Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4AD6F10FD; Wed, 25 Oct 2023 03:42:18 -0700 (PDT) Received: by mail-lf1-x135.google.com with SMTP id 2adb3069b0e04-507a62d4788so8673363e87.0; Wed, 25 Oct 2023 03:42:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698230536; x=1698835336; darn=vger.kernel.org; h=message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=USY4fw267Go83RxyHyFwK1+6pc6Q77CrkKJFbgSONJU=; b=ShlEeboAgNI0keEKRxCp1TNhPFyAOyjzExRBcVJ4Z3oV86IulG0uOM0dL4VVVXzabv A8bFrjCSoJ90aAMkJ0MW2GsAHvMMmYoFZaCM6+9Xnx3gRSGRnwZ+ajEaa9b2R3rkxE7i PRDe1CslYMWmm81JE1cauzr3omMjBBCLXznW78hFyBz93gQ85N0cy6iUMYqgsg4X84qS LbLgaFwuRApfltyVOjoauHhfgq7f8athyNYeWOVKsHTrWsDFk1UTfub7s5fKBjuI6XeB qkL6knTUYxqbiJkugTeJGWSUe2YAe8A9B2VuC2wDi0zQDacWZZe+/srh/PgI48Q1KqOQ SYnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698230536; x=1698835336; h=message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=USY4fw267Go83RxyHyFwK1+6pc6Q77CrkKJFbgSONJU=; b=r+foBiem2wNeURN/xnH8D5gGVbw36TmTzWbyyjN34e08LsnbiWYsdEHlWxGZR+Ck8w oTw8Gz0TMaFkBzpzRVMbW5eFpCt6b4aBqldzT8mDBrcyBWuFQJ5cErPD076xk4NPj/4E gUGNwwvBJFJoXiJ/xOkMUB1qJzANrqvS4LzOuRtwpNgk69zySKTuUeRS6PiE964SPCVd G1m8Wqc6vqJz9meb6ortXTkdbT7xIVvMbFSBSpyFqHQOe9qCUDL/tcCxXm1L5JW2BXek dLmtNvAbr5WvJWpRDySrdF8AbKcy5pHHplSJ6Ecjeg9jtWKNRAUUXSY0KpgfvxCzte/z UJvg== X-Gm-Message-State: AOJu0YyCQpp8kydZquV+WIK1ebNkY/ayhRFew93lF1taZEQUOb3/nDch rQkUW/AZE/qvgcclheuNlwU= X-Received: by 2002:a19:5212:0:b0:505:6e21:32e1 with SMTP id m18-20020a195212000000b005056e2132e1mr10207820lfb.10.1698230536071; Wed, 25 Oct 2023 03:42:16 -0700 (PDT) Received: from felia.fritz.box ([2a02:810d:7e40:14b0:2cbd:f9ec:f035:ebea]) by smtp.gmail.com with ESMTPSA id t12-20020a05640203cc00b0053e67bcb3e7sm9179868edw.82.2023.10.25.03.42.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 25 Oct 2023 03:42:15 -0700 (PDT) From: Lukas Bulwahn To: Dimitri John Ledkov , Herbert Xu , David Howells , David Woodhouse , Jonathan Corbet , Luis Chamberlain , linux-modules@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-doc@vger.kernel.org Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org, Lukas Bulwahn Subject: [PATCH] docs: module-signing: adjust guide after sha1 and sha224 support is gone Date: Wed, 25 Oct 2023 12:42:12 +0200 Message-Id: <20231025104212.12738-1-lukas.bulwahn@gmail.com> X-Mailer: git-send-email 2.17.1 X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Wed, 25 Oct 2023 03:43:25 -0700 (PDT) Commit 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support") and commit fc3225fd6f1e ("module: Do not offer sha224 for built-in module signing") removes sha1 and sha224 support for kernel module signing. Adjust the module-signing admin guide documentation to those changes. Signed-off-by: Lukas Bulwahn --- Documentation/admin-guide/module-signing.rst | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/Documentation/admin-guide/module-signing.rst b/Documentation/admin-guide/module-signing.rst index 2898b2703297..e3ea1def4c0c 100644 --- a/Documentation/admin-guide/module-signing.rst +++ b/Documentation/admin-guide/module-signing.rst @@ -30,8 +30,8 @@ This facility uses X.509 ITU-T standard certificates to encode the public keys involved. The signatures are not themselves encoded in any industrial standard type. The facility currently only supports the RSA public key encryption standard (though it is pluggable and permits others to be used). The possible -hash algorithms that can be used are SHA-1, SHA-224, SHA-256, SHA-384, and -SHA-512 (the algorithm is selected by data in the signature). +hash algorithms that can be used are SHA-256, SHA-384, and SHA-512 (the +algorithm is selected by data in the signature). ========================== @@ -81,8 +81,6 @@ This has a number of options available: sign the modules with: =============================== ========================================== - ``CONFIG_MODULE_SIG_SHA1`` :menuselection:`Sign modules with SHA-1` - ``CONFIG_MODULE_SIG_SHA224`` :menuselection:`Sign modules with SHA-224` ``CONFIG_MODULE_SIG_SHA256`` :menuselection:`Sign modules with SHA-256` ``CONFIG_MODULE_SIG_SHA384`` :menuselection:`Sign modules with SHA-384` ``CONFIG_MODULE_SIG_SHA512`` :menuselection:`Sign modules with SHA-512` -- 2.17.1