[PATCH 0/2] module: Remove SHA-1 support for module signing
Posted by Petr Pavlu 2 months, 4 weeks ago
SHA-1 is considered deprecated and insecure due to vulnerabilities that can
lead to hash collisions. Most distributions have already been using SHA-2
for module signing because of this. The default was also changed last year
from SHA-1 to SHA-512 in f3b93547b91a ("module: sign with sha512 instead of
sha1 by default"). This was not reported to cause any issues. Therefore, it
now seems to be a good time to remove SHA-1 support for module signing.

Looking at the configs of several distributions [1], it seems only Android
still uses SHA-1 for module signing.

@Sami, is this correct and is there a specific reason for using SHA-1?

Note: The second patch has a minor conflict with the sign-file update in the
series "lib/crypto: Add ML-DSA signing" [2].

[1] https://oracle.github.io/kconfigs/?config=UTS_RELEASE&config=MODULE_SIG_SHA1&version=be8f5f6abf0b0979be20ee8d9afa2a49a13500b8
[2] https://lore.kernel.org/linux-crypto/61637.1762509938@warthog.procyon.org.uk/

Petr Pavlu (2):
  module: Remove SHA-1 support for module signing
  sign-file: Remove support for signing with PKCS#7

 kernel/module/Kconfig |  5 ----
 scripts/sign-file.c   | 66 ++-----------------------------------------
 2 files changed, 3 insertions(+), 68 deletions(-)


base-commit: 4427259cc7f7571a157fbc9b5011e1ef6fe0a4a8
-- 
2.51.1
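One thing an administrator will want before this change lands in a kernel they run is an inventory of which digest their existing out-of-tree or vendor modules were signed with, since a SHA-1-signed module will no longer load once the kernel drops the algorithm. The script below is an added example for this thread, not code from the kernel or from scripts/sign-file.c. It parses the trailer that sign-file appends (the layout is the one defined in include/linux/module_signature.h: module image, then the CMS/PKCS#7 blob, then a 12-byte struct module_signature, then the "~Module signature appended~" magic) and, for PKCS#7 signatures, locates the DER-encoded digest-algorithm OID inside the blob. The OID lookup is a byte-pattern heuristic rather than a full ASN.1 parse, and build_sample_module() constructs a stand-in "signed module" with a minimal fake CMS fragment so the example runs offline; both are assumptions of this example, not behaviour of sign-file.

```python
"""Report the digest algorithm behind a Linux kernel module's appended signature.

Added example for the "Remove SHA-1 support for module signing" thread; not
kernel code. Trailer layout (from include/linux/module_signature.h):

    [module image][CMS/PKCS#7 blob][struct module_signature][MODULE_SIG_STRING]

struct module_signature (12 bytes): algo, hash, id_type, signer_len,
key_id_len, 3 pad bytes, sig_len (big-endian u32). For PKCS#7 signatures the
digest is not in the struct; it is carried as a digestAlgorithm OID inside
the CMS blob, which is what we search for here.
"""
import struct
import sys

MODULE_SIG_STRING = b"~Module signature appended~\n"
SIG_STRUCT = struct.Struct(">BBBBB3xI")  # algo, hash, id_type, signer_len, key_id_len, pad, sig_len
PKEY_ID_PKCS7 = 2

# DER encodings (tag 0x06 + length + OID body) of the digest OIDs a CMS
# signature may carry. Checked in this order; sha1 is the one we care about.
DIGEST_OIDS = {
    "sha1":   bytes.fromhex("06052b0e03021a"),          # 1.3.14.3.2.26
    "sha224": bytes.fromhex("0609608648016503040204"),  # 2.16.840.1.101.3.4.2.4
    "sha256": bytes.fromhex("0609608648016503040201"),  # 2.16.840.1.101.3.4.2.1
    "sha384": bytes.fromhex("0609608648016503040202"),  # 2.16.840.1.101.3.4.2.2
    "sha512": bytes.fromhex("0609608648016503040203"),  # 2.16.840.1.101.3.4.2.3
}


def parse_module_signature(image: bytes) -> dict:
    """Return {'signed': bool, 'id_type': int, 'sig_len': int, 'digest': str|None}."""
    if not image.endswith(MODULE_SIG_STRING):
        return {"signed": False, "id_type": None, "sig_len": 0, "digest": None}
    body = image[: -len(MODULE_SIG_STRING)]
    if len(body) < SIG_STRUCT.size:
        raise ValueError("truncated module_signature header")
    algo, hash_, id_type, signer_len, key_id_len, sig_len = SIG_STRUCT.unpack(
        body[-SIG_STRUCT.size:]
    )
    rest = body[: -SIG_STRUCT.size]
    if sig_len > len(rest):
        raise ValueError("sig_len exceeds file size")
    sig = rest[len(rest) - sig_len:]
    info = {"signed": True, "id_type": id_type, "sig_len": sig_len, "digest": None}
    if id_type == PKEY_ID_PKCS7:
        # The kernel rejects PKCS#7 trailers whose legacy fields are non-zero;
        # mirror that check so a corrupted trailer is not mis-reported.
        if algo or hash_ or signer_len or key_id_len:
            raise ValueError("non-zero legacy fields in PKCS#7 signature header")
        for name, der in DIGEST_OIDS.items():  # heuristic: first OID found wins
            if der in sig:
                info["digest"] = name
                break
    return info


def needs_resigning(image: bytes) -> bool:
    """True if the module would stop loading once SHA-1 support is removed."""
    return parse_module_signature(image)["digest"] == "sha1"


def build_sample_module(payload: bytes, digest_der: bytes) -> bytes:
    """Constructed stand-in for a signed module (assumption of this example):
    the 'CMS blob' is only a SEQUENCE { OID, NULL } carrying the digest OID."""
    inner = digest_der + b"\x05\x00"
    fake_cms = b"\x30" + bytes([len(inner)]) + inner
    hdr = SIG_STRUCT.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(fake_cms))
    return payload + fake_cms + hdr + MODULE_SIG_STRING


if __name__ == "__main__":
    # Audit real files when paths are given; otherwise run on constructed samples.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                info = parse_module_signature(f.read())
            print(f"{path}: {info}")
    else:
        fake_elf = b"\x7fELF" + b"\x00" * 60  # constructed, not a real module
        for name in ("sha1", "sha512"):
            mod = build_sample_module(fake_elf, DIGEST_OIDS[name])
            print(name, parse_module_signature(mod), "resign:", needs_resigning(mod))
        print("unsigned", parse_module_signature(fake_elf))
```

Run it as `python3 modsig_audit.py /lib/modules/$(uname -r)/**/*.ko` to list every module and its digest; anything reporting `sha1` should be re-signed with sign-file (whose default is now sha512) before moving to a kernel built after this series.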
Re: [PATCH 0/2] module: Remove SHA-1 support for module signing
Posted by Sami Tolvanen 1 month, 2 weeks ago
On Tue, 11 Nov 2025 16:48:30 +0100, Petr Pavlu wrote:
> SHA-1 is considered deprecated and insecure due to vulnerabilities that can
> lead to hash collisions. Most distributions have already been using SHA-2
> for module signing because of this. The default was also changed last year
> from SHA-1 to SHA-512 in f3b93547b91a ("module: sign with sha512 instead of
> sha1 by default"). This was not reported to cause any issues. Therefore, it
> now seems to be a good time to remove SHA-1 support for module signing.
> 
> [...]

Applied to modules-next, thanks!

[1/2] module: Remove SHA-1 support for module signing
      commit: 148519a06304af4e6fbb82f20e1a4480e2c1b126
[2/2] sign-file: Use only the OpenSSL CMS API for signing
      commit: d7afd65b4acc775df872af30948dd7c196587169

Best regards,

	Sami
Re: [PATCH 0/2] module: Remove SHA-1 support for module signing
Posted by Sami Tolvanen 2 months, 4 weeks ago
Hi Petr,

On Tue, Nov 11, 2025 at 7:49 AM Petr Pavlu <petr.pavlu@suse.com> wrote:
>
> SHA-1 is considered deprecated and insecure due to vulnerabilities that can
> lead to hash collisions. Most distributions have already been using SHA-2
> for module signing because of this. The default was also changed last year
> from SHA-1 to SHA-512 in f3b93547b91a ("module: sign with sha512 instead of
> sha1 by default"). This was not reported to cause any issues. Therefore, it
> now seems to be a good time to remove SHA-1 support for module signing.
>
> Looking at the configs of several distributions [1], it seems only Android
> still uses SHA-1 for module signing.
>
> @Sami, is this correct and is there a specific reason for using SHA-1?

It looks like GKI just uses the defaults here. Overall, Android
doesn't rely on module signing for security; it's only used to
differentiate between module types. Dropping SHA-1 support sounds like
a good idea to me.

> Note: The second patch has a minor conflict with the sign-file update in the
> series "lib/crypto: Add ML-DSA signing" [2].
>
> [1] https://oracle.github.io/kconfigs/?config=UTS_RELEASE&config=MODULE_SIG_SHA1&version=be8f5f6abf0b0979be20ee8d9afa2a49a13500b8
> [2] https://lore.kernel.org/linux-crypto/61637.1762509938@warthog.procyon.org.uk/
>
> Petr Pavlu (2):
>   module: Remove SHA-1 support for module signing
>   sign-file: Remove support for signing with PKCS#7
>
>  kernel/module/Kconfig |  5 ----
>  scripts/sign-file.c   | 66 ++-----------------------------------------
>  2 files changed, 3 insertions(+), 68 deletions(-)

For the series:

Reviewed-by: Sami Tolvanen <samitolvanen@google.com>

Sami