Hi Petr,

On Tue, Nov 11, 2025 at 7:49 AM Petr Pavlu <[email protected]> wrote:
>
> SHA-1 is considered deprecated and insecure due to vulnerabilities that can
> lead to hash collisions. Most distributions have already been using SHA-2
> for module signing because of this. The default was also changed last year
> from SHA-1 to SHA-512 in f3b93547b91a ("module: sign with sha512 instead of
> sha1 by default"). This was not reported to cause any issues. Therefore, it
> now seems to be a good time to remove SHA-1 support for module signing.
>
> Looking at the configs of several distributions [1], it seems only Android
> still uses SHA-1 for module signing.
>
> @Sami, is this correct and is there a specific reason for using SHA-1?

It looks like GKI just uses the defaults here. Overall, Android
doesn't rely on module signing for security, it's only used to
differentiate between module types. Dropping SHA-1 support sounds like
a good idea to me.

> Note: The second patch has a minor conflict with the sign-file update in the
> series "lib/crypto: Add ML-DSA signing" [2].
>
> [1] https://oracle.github.io/kconfigs/?config=UTS_RELEASE&config=MODULE_SIG_SHA1&version=be8f5f6abf0b0979be20ee8d9afa2a49a13500b8
> [2] https://lore.kernel.org/linux-crypto/[email protected]/
>
> Petr Pavlu (2):
>   module: Remove SHA-1 support for module signing
>   sign-file: Remove support for signing with PKCS#7
>
>  kernel/module/Kconfig |  5 ----
>  scripts/sign-file.c   | 66 ++----------------------------------------
>  2 files changed, 3 insertions(+), 68 deletions(-)

For the series:

Reviewed-by: Sami Tolvanen <[email protected]>

Sami

