From: Dimitri John Ledkov
Date: Wed, 25 Oct 2023 13:57:08 +0100
Subject: Re: [PATCH] docs: module-signing: adjust guide after sha1 and sha224 support is gone
To: Lukas Bulwahn
Cc: Herbert Xu, David Howells, David Woodhouse, Jonathan Corbet, Luis Chamberlain, linux-modules@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-doc@vger.kernel.org, kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org

Hi,

On Wed, 25 Oct 2023 at 11:42, Lukas Bulwahn wrote:
>
> Commit 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support") and commit
> fc3225fd6f1e ("module: Do not offer sha224 for built-in module signing")
> remove sha1 and sha224 support for kernel module signing.
>
> Adjust the module-signing admin guide documentation to those changes.
>
> Signed-off-by: Lukas Bulwahn

Note I have submitted this change as part of the patch series that adds SHA-3 over at
https://lore.kernel.org/linux-crypto/20231022182208.188714-1-dimitri.ledkov@canonical.com/T/#m81c32a65341a4de39596b72743ba38d46899016f

But indeed, if that patch series doesn't make it into the cryptodev tree, then this documentation should go in, and the sha-3 one rebased / adjusted.

Sorry for not patching documentation at the same time as the code changes that made documentation out of date.

Acked-by: Dimitri John Ledkov

> --- > Documentation/admin-guide/module-signing.rst | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/Documentation/admin-guide/module-signing.rst b/Documentation/admin-guide/module-signing.rst > index 2898b2703297..e3ea1def4c0c 100644 > --- a/Documentation/admin-guide/module-signing.rst > +++ b/Documentation/admin-guide/module-signing.rst > @@ -30,8 +30,8 @@ This facility uses X.509 ITU-T standard certificates to encode the public keys > involved. The signatures are not themselves encoded in any industrial standard > type. The facility currently only supports the RSA public key encryption > standard (though it is pluggable and permits others to be used). The possible > -hash algorithms that can be used are SHA-1, SHA-224, SHA-256, SHA-384, and > -SHA-512 (the algorithm is selected by data in the signature). > +hash algorithms that can be used are SHA-256, SHA-384, and SHA-512 (the > +algorithm is selected by data in the signature). > > > ========================== 
> @@ -81,8 +81,6 @@ This has a number of options available: > sign the modules with: > > =============================== ========================================== > - ``CONFIG_MODULE_SIG_SHA1`` :menuselection:`Sign modules with SHA-1` > - ``CONFIG_MODULE_SIG_SHA224`` :menuselection:`Sign modules with SHA-224` > ``CONFIG_MODULE_SIG_SHA256`` :menuselection:`Sign modules with SHA-256` > ``CONFIG_MODULE_SIG_SHA384`` :menuselection:`Sign modules with SHA-384` > ``CONFIG_MODULE_SIG_SHA512`` :menuselection:`Sign modules with SHA-512` > -- > 2.17.1 >

--
okurrr,

Dimitri
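
Review bot: In the hunk at -30,8, the rewritten sentence names SHA-256, SHA-384 and SHA-512 as the only hash algorithms "that can be used", which describes what a signature may carry, while the cited fc3225fd6f1e is titled "Do not offer sha224 for built-in module signing" and by that title covers only the build-time choice. If SHA-224 signatures are also refused when a module is loaded, the commit message should name the commit that does that; otherwise the sentence should separate the hashes offered for signing from those accepted in a signature.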
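
Review bot: In the hunk at -81,8, the ``CONFIG_MODULE_SIG_SHA1`` and ``CONFIG_MODULE_SIG_SHA224`` rows are dropped from the table with no note for readers whose existing configuration selected one of them. A sentence after the table saying that the SHA-1 and SHA-224 options were removed and that one of the three remaining options has to be selected would help. The reply also says the SHA-3 series carries this same documentation change, so this table needs a rebase if both are applied.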