Hi, On Wed, 25 Oct 2023 at 11:42, Lukas Bulwahn <lukas.bulw...@gmail.com> wrote: > > Commit 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support") and commit > fc3225fd6f1e ("module: Do not offer sha224 for built-in module signing") > removes sha1 and sha224 support for kernel module signing. > > Adjust the module-signing admin guide documentation to those changes. > > Signed-off-by: Lukas Bulwahn <lukas.bulw...@gmail.com>
Note I have submitted this change as part of the patch series that adds SHA-3 over at https://lore.kernel.org/linux-crypto/20231022182208.188714-1-dimitri.led...@canonical.com/T/#m81c32a65341a4de39596b72743ba38d46899016f But indeed, if that patch series doesn't make it into the cryptodev tree, then this documentation should go in, and the sha-3 one rebased / adjusted. Sorry for not patching documentation at the same time as the code changes that made documentation out of date. Acked-by: Dimitri John ledkov <dimitri.led...@canonical.com> > --- > Documentation/admin-guide/module-signing.rst | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/Documentation/admin-guide/module-signing.rst > b/Documentation/admin-guide/module-signing.rst > index 2898b2703297..e3ea1def4c0c 100644 > --- a/Documentation/admin-guide/module-signing.rst > +++ b/Documentation/admin-guide/module-signing.rst > @@ -30,8 +30,8 @@ This facility uses X.509 ITU-T standard certificates to > encode the public keys > involved. The signatures are not themselves encoded in any industrial > standard > type. The facility currently only supports the RSA public key encryption > standard (though it is pluggable and permits others to be used). The > possible > -hash algorithms that can be used are SHA-1, SHA-224, SHA-256, SHA-384, and > -SHA-512 (the algorithm is selected by data in the signature). > +hash algorithms that can be used are SHA-256, SHA-384, and SHA-512 (the > +algorithm is selected by data in the signature). > > > ========================== > @@ -81,8 +81,6 @@ This has a number of options available: > sign the modules with: > > =============================== > ========================================== > - ``CONFIG_MODULE_SIG_SHA1`` :menuselection:`Sign modules with > SHA-1` > - ``CONFIG_MODULE_SIG_SHA224`` :menuselection:`Sign modules with > SHA-224` > ``CONFIG_MODULE_SIG_SHA256`` :menuselection:`Sign modules with > SHA-256` > ``CONFIG_MODULE_SIG_SHA384`` :menuselection:`Sign modules with > SHA-384` > ``CONFIG_MODULE_SIG_SHA512`` :menuselection:`Sign modules with > SHA-512` > -- > 2.17.1 > -- okurrr, Dimitri