Re: [PATCH] docs: module-signing: adjust guide after sha1 and sha224 support is gone

From: Dimitri John Ledkov
Date: Wed Oct 25 2023 - 08:57:53 EST


Hi,

On Wed, 25 Oct 2023 at 11:42, Lukas Bulwahn <lukas.bulwahn@xxxxxxxxx> wrote:
>
> Commit 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support") and commit
> fc3225fd6f1e ("module: Do not offer sha224 for built-in module signing")
> remove sha1 and sha224 support for kernel module signing.
>
> Adjust the module-signing admin guide documentation to those changes.
>
> Signed-off-by: Lukas Bulwahn <lukas.bulwahn@xxxxxxxxx>

Note I have submitted this change as part of the patch series that
adds SHA-3 over at
https://lore.kernel.org/linux-crypto/20231022182208.188714-1-dimitri.ledkov@xxxxxxxxxxxxx/T/#m81c32a65341a4de39596b72743ba38d46899016f

But indeed, if that patch series doesn't make it into the cryptodev
tree, then this documentation should go in, and the sha-3 one rebased
/ adjusted.

Sorry for not patching documentation at the same time as the code
changes that made documentation out of date.

Acked-by: Dimitri John Ledkov <dimitri.ledkov@xxxxxxxxxxxxx>

> ---
> Documentation/admin-guide/module-signing.rst | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/Documentation/admin-guide/module-signing.rst b/Documentation/admin-guide/module-signing.rst
> index 2898b2703297..e3ea1def4c0c 100644
> --- a/Documentation/admin-guide/module-signing.rst
> +++ b/Documentation/admin-guide/module-signing.rst
> @@ -30,8 +30,8 @@ This facility uses X.509 ITU-T standard certificates to encode the public keys
> involved. The signatures are not themselves encoded in any industrial standard
> type. The facility currently only supports the RSA public key encryption
> standard (though it is pluggable and permits others to be used). The possible
> -hash algorithms that can be used are SHA-1, SHA-224, SHA-256, SHA-384, and
> -SHA-512 (the algorithm is selected by data in the signature).
> +hash algorithms that can be used are SHA-256, SHA-384, and SHA-512 (the
> +algorithm is selected by data in the signature).
>
>
> ==========================
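Review bot: The rewritten sentence "hash algorithms that can be used are SHA-256, SHA-384, and SHA-512" reads as the complete set the facility accepts, while the commit message cites fc3225fd6f1e only as "Do not offer sha224 for built-in module signing", which is about what the build offers for signing. Consider stating whether this list describes the build-time signing choices or the hashes accepted when a signature is verified, so that an admin holding modules signed with SHA-224 knows what to expect. The list will also need another update if the SHA-3 series mentioned in this reply is merged.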
> @@ -81,8 +81,6 @@ This has a number of options available:
> sign the modules with:
>
> =============================== ==========================================
> - ``CONFIG_MODULE_SIG_SHA1`` :menuselection:`Sign modules with SHA-1`
> - ``CONFIG_MODULE_SIG_SHA224`` :menuselection:`Sign modules with SHA-224`
> ``CONFIG_MODULE_SIG_SHA256`` :menuselection:`Sign modules with SHA-256`
> ``CONFIG_MODULE_SIG_SHA384`` :menuselection:`Sign modules with SHA-384`
> ``CONFIG_MODULE_SIG_SHA512`` :menuselection:`Sign modules with SHA-512`
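Review bot: Deleting the ``CONFIG_MODULE_SIG_SHA1`` and ``CONFIG_MODULE_SIG_SHA224`` rows leaves the guide with no hint for a reader whose existing configuration selected one of them. A one-line remark under the table saying that SHA-1 and SHA-224 are no longer offered, and that one of the three remaining options has to be selected, would cover that case. The table borders need no change, since the remaining rows keep the same column widths.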
> --
> 2.17.1
>


--
okurrr,

Dimitri