On Tue, Nov 11, 2025 at 04:48:31PM +0100, Petr Pavlu wrote:
> SHA-1 is considered deprecated and insecure due to vulnerabilities that can
> lead to hash collisions. Most distributions have already been using SHA-2
> for module signing because of this. The default was also changed last year
> from SHA-1 to SHA-512 in commit f3b93547b91a ("module: sign with sha512
> instead of sha1 by default"). This was not reported to cause any issues.
> Therefore, it now seems to be a good time to remove SHA-1 support for
> module signing.
>
> Commit 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support") previously
> removed support for reading PKCS#7/CMS signed with SHA-1, along with the
> ability to use SHA-1 for module signing. This change broke iwd and was
> subsequently completely reverted in commit 203a6763ab69 ("Revert "crypto:
> pkcs7 - remove sha1 support""). However, dropping only the support for
> using SHA-1 for module signing is unrelated and can still be done
> separately.
>
> Note that this change only removes support for new modules to be SHA-1
> signed, but already signed modules can still be loaded.
>
> Signed-off-by: Petr Pavlu <[email protected]>
> ---
> kernel/module/Kconfig | 5 -----
> 1 file changed, 5 deletions(-)
>
> diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig
> index 2a1beebf1d37..be74917802ad 100644
> --- a/kernel/module/Kconfig
> +++ b/kernel/module/Kconfig
> @@ -299,10 +299,6 @@ choice
> possible to load a signed module containing the algorithm to check
> the signature on that module.
>
> -config MODULE_SIG_SHA1
> - bool "SHA-1"
> - select CRYPTO_SHA1
> -
> config MODULE_SIG_SHA256
> bool "SHA-256"
> select CRYPTO_SHA256
> @@ -332,7 +328,6 @@ endchoice
> config MODULE_SIG_HASH
> string
> depends on MODULE_SIG || IMA_APPRAISE_MODSIG
> - default "sha1" if MODULE_SIG_SHA1
> default "sha256" if MODULE_SIG_SHA256
> default "sha384" if MODULE_SIG_SHA384
> default "sha512" if MODULE_SIG_SHA512
> --
> 2.51.1
>
Agreed.
Reviewed-by: Aaron Tomlin <[email protected]>
--
Aaron Tomlin
