Re: [PATCH 0/2] module: Remove SHA-1 support for module signing

[Sami Tolvanen]

Hi Petr,

On Tue, Nov 11, 2025 at 7:49 AM Petr Pavlu <petr.pavlu@xxxxxxxx> wrote:
>
> SHA-1 is considered deprecated and insecure due to vulnerabilities that can
> lead to hash collisions. Most distributions have already been using SHA-2
> for module signing because of this. The default was also changed last year
> from SHA-1 to SHA-512 in f3b93547b91a ("module: sign with sha512 instead of
> sha1 by default"). This was not reported to cause any issues. Therefore, it
> now seems to be a good time to remove SHA-1 support for module signing.
>
> Looking at the configs of several distributions [1], it seems only Android
> still uses SHA-1 for module signing.
>
> @Sami, it this correct and is there a specific reason for using SHA-1?

It looks like GKI just uses the defaults here. Overall, Android
doesn't rely on module signing for security, it's only used to
differentiate between module types. Dropping SHA-1 support sounds like
a good idea to me.

> Note: The second patch has a minor conflict with the sign-file update in the
> series "lib/crypto: Add ML-DSA signing" [2].
>
> [1] https://oracle.github.io/kconfigs/?config=UTS_RELEASE&config=MODULE_SIG_SHA1&version=be8f5f6abf0b0979be20ee8d9afa2a49a13500b8
> [2] https://lore.kernel.org/linux-crypto/61637.1762509938@xxxxxxxxxxxxxxxxxxxxxx/
>
> Petr Pavlu (2):
>   module: Remove SHA-1 support for module signing
>   sign-file: Remove support for signing with PKCS#7
>
>  kernel/module/Kconfig |  5 ----
>  scripts/sign-file.c   | 66 ++-----------------------------------------
>  2 files changed, 3 insertions(+), 68 deletions(-)

For the series:

Reviewed-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx>

Sami