module: Do not offer sha224 for built-in module signing

sha224 does not provide enough security against collision attacks
relative to the default keys used for signing (RSA 4k & P-384). Also
sha224 never became popular, as sha256 got widely adopted ahead of
sha224 being introduced.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Dimitri John Ledkov 2023-10-10 22:26:33 +01:00 committed by Herbert Xu
parent c1d760a471
commit fc3225fd6f


@ -236,10 +236,6 @@ choice
possible to load a signed module containing the algorithm to check possible to load a signed module containing the algorithm to check
the signature on that module. the signature on that module.
config MODULE_SIG_SHA224
bool "Sign modules with SHA-224"
select CRYPTO_SHA256
config MODULE_SIG_SHA256 config MODULE_SIG_SHA256
bool "Sign modules with SHA-256" bool "Sign modules with SHA-256"
select CRYPTO_SHA256 select CRYPTO_SHA256
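Review bot: dropping the MODULE_SIG_SHA224 choice entry silently migrates any existing .config that has CONFIG_MODULE_SIG_SHA224=y to the choice's default on the next olddefconfig run, so a kernel rebuilt from such a config will start signing its modules with a different hash without any warning; the commit message should say so, and it is worth grepping the tree for any remaining reference to MODULE_SIG_SHA224 (other Kconfig files, scripts, documentation) so the removed symbol does not leave a dangling `depends on` or `select`. Note that the removed entry and the surviving MODULE_SIG_SHA256 entry both `select CRYPTO_SHA256`, so this hunk only removes the option to generate sha224 signatures; it does not remove the sha224 implementation itself.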
@ -257,7 +253,6 @@ endchoice
config MODULE_SIG_HASH config MODULE_SIG_HASH
string string
depends on MODULE_SIG || IMA_APPRAISE_MODSIG depends on MODULE_SIG || IMA_APPRAISE_MODSIG
default "sha224" if MODULE_SIG_SHA224
default "sha256" if MODULE_SIG_SHA256 default "sha256" if MODULE_SIG_SHA256
default "sha384" if MODULE_SIG_SHA384 default "sha384" if MODULE_SIG_SHA384
default "sha512" if MODULE_SIG_SHA512 default "sha512" if MODULE_SIG_SHA512
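Review bot: removing `default "sha224" if MODULE_SIG_SHA224` is required for consistency with the deleted choice entry, but since MODULE_SIG_HASH also gates the IMA_APPRAISE_MODSIG path (`depends on MODULE_SIG || IMA_APPRAISE_MODSIG`), the commit message should state whether modules that were already signed with sha224 by earlier kernels still verify after this change, or whether they must be re-signed; the hunks here only cover signature generation, and a reader of the changelog cannot tell what happens on the verification side.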