lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 25 Oct 2023 12:42:12 +0200
From:   Lukas Bulwahn <>
To:     Dimitri John Ledkov <>,
        Herbert Xu <>,
        David Howells <>,
        David Woodhouse <>,
        Jonathan Corbet <>,
        Luis Chamberlain <>,,,,
        Lukas Bulwahn <>
Subject: [PATCH] docs: module-signing: adjust guide after sha1 and sha224 support is gone

Commit 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support") and commit
fc3225fd6f1e ("module: Do not offer sha224 for built-in module signing")
removes sha1 and sha224 support for kernel module signing.

Adjust the module-signing admin guide documentation to those changes.

Signed-off-by: Lukas Bulwahn <>
 Documentation/admin-guide/module-signing.rst | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/Documentation/admin-guide/module-signing.rst b/Documentation/admin-guide/module-signing.rst
index 2898b2703297..e3ea1def4c0c 100644
--- a/Documentation/admin-guide/module-signing.rst
+++ b/Documentation/admin-guide/module-signing.rst
@@ -30,8 +30,8 @@ This facility uses X.509 ITU-T standard certificates to encode the public keys
 involved.  The signatures are not themselves encoded in any industrial standard
 type.  The facility currently only supports the RSA public key encryption
 standard (though it is pluggable and permits others to be used).  The possible
-hash algorithms that can be used are SHA-1, SHA-224, SHA-256, SHA-384, and
-SHA-512 (the algorithm is selected by data in the signature).
+hash algorithms that can be used are SHA-256, SHA-384, and SHA-512 (the
+algorithm is selected by data in the signature).
@@ -81,8 +81,6 @@ This has a number of options available:
      sign the modules with:
         =============================== ==========================================
-	``CONFIG_MODULE_SIG_SHA1``	:menuselection:`Sign modules with SHA-1`
-	``CONFIG_MODULE_SIG_SHA224``	:menuselection:`Sign modules with SHA-224`
 	``CONFIG_MODULE_SIG_SHA256``	:menuselection:`Sign modules with SHA-256`
 	``CONFIG_MODULE_SIG_SHA384``	:menuselection:`Sign modules with SHA-384`
 	``CONFIG_MODULE_SIG_SHA512``	:menuselection:`Sign modules with SHA-512`

Powered by blists - more mailing lists