From: Lukas Bulwahn <lukas.bulwahn@gmail.com>
To: Dimitri John Ledkov <dimitri.ledkov@canonical.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Jonathan Corbet <corbet@lwn.net>,
Luis Chamberlain <mcgrof@kernel.org>,
linux-modules@vger.kernel.org, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-doc@vger.kernel.org
Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org,
Lukas Bulwahn <lukas.bulwahn@gmail.com>
Subject: [PATCH] docs: module-signing: adjust guide after sha1 and sha224 support is gone
Date: Wed, 25 Oct 2023 12:42:12 +0200 [thread overview]
Message-ID: <20231025104212.12738-1-lukas.bulwahn@gmail.com> (raw)
Commit 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support") and commit
fc3225fd6f1e ("module: Do not offer sha224 for built-in module signing")
removes sha1 and sha224 support for kernel module signing.
Adjust the module-signing admin guide documentation to those changes.
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
---
Documentation/admin-guide/module-signing.rst | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/Documentation/admin-guide/module-signing.rst b/Documentation/admin-guide/module-signing.rst
index 2898b2703297..e3ea1def4c0c 100644
--- a/Documentation/admin-guide/module-signing.rst
+++ b/Documentation/admin-guide/module-signing.rst
@@ -30,8 +30,8 @@ This facility uses X.509 ITU-T standard certificates to encode the public keys
involved. The signatures are not themselves encoded in any industrial standard
type. The facility currently only supports the RSA public key encryption
standard (though it is pluggable and permits others to be used). The possible
-hash algorithms that can be used are SHA-1, SHA-224, SHA-256, SHA-384, and
-SHA-512 (the algorithm is selected by data in the signature).
+hash algorithms that can be used are SHA-256, SHA-384, and SHA-512 (the
+algorithm is selected by data in the signature).
==========================
@@ -81,8 +81,6 @@ This has a number of options available:
sign the modules with:
=============================== ==========================================
- ``CONFIG_MODULE_SIG_SHA1`` :menuselection:`Sign modules with SHA-1`
- ``CONFIG_MODULE_SIG_SHA224`` :menuselection:`Sign modules with SHA-224`
``CONFIG_MODULE_SIG_SHA256`` :menuselection:`Sign modules with SHA-256`
``CONFIG_MODULE_SIG_SHA384`` :menuselection:`Sign modules with SHA-384`
``CONFIG_MODULE_SIG_SHA512`` :menuselection:`Sign modules with SHA-512`
--
2.17.1
next reply other threads:[~2023-10-25 10:43 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-25 10:42 Lukas Bulwahn [this message]
2023-10-25 12:57 ` [PATCH] docs: module-signing: adjust guide after sha1 and sha224 support is gone Dimitri John Ledkov
2023-10-25 16:12 ` Ben Boeckel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20231025104212.12738-1-lukas.bulwahn@gmail.com \
--to=lukas.bulwahn@gmail.com \
--cc=corbet@lwn.net \
--cc=dhowells@redhat.com \
--cc=dimitri.ledkov@canonical.com \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=kernel-janitors@vger.kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=mcgrof@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).