SHA-1 is considered deprecated and insecure due to vulnerabilities that can
lead to hash collisions. Most distributions have already been using SHA-2
for module signing because of this. The default was also changed last year
from SHA-1 to SHA-512 in commit f3b93547b91a ("module: sign with sha512
instead of sha1 by default"). This was not reported to cause any issues.
Therefore, it now seems to be a good time to remove SHA-1 support for
module signing.

Commit 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support") previously
removed support for reading PKCS#7/CMS signed with SHA-1, along with the
ability to use SHA-1 for module signing. This change broke iwd and was
subsequently completely reverted in commit 203a6763ab69 ("Revert "crypto:
pkcs7 - remove sha1 support""). However, dropping only the support for
using SHA-1 for module signing is unrelated and can still be done
separately.

Note that this change only removes support for new modules to be SHA-1
signed, but already signed modules can still be loaded.

Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>
---
 kernel/module/Kconfig | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig
index 2a1beebf1d37..be74917802ad 100644
--- a/kernel/module/Kconfig
+++ b/kernel/module/Kconfig
@@ -299,10 +299,6 @@ choice
 	  possible to load a signed module containing the algorithm to check
 	  the signature on that module.
 
-config MODULE_SIG_SHA1
-	bool "SHA-1"
-	select CRYPTO_SHA1
-
 config MODULE_SIG_SHA256
 	bool "SHA-256"
 	select CRYPTO_SHA256
@@ -332,7 +328,6 @@ endchoice
 config MODULE_SIG_HASH
 	string
 	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
-	default "sha1" if MODULE_SIG_SHA1
 	default "sha256" if MODULE_SIG_SHA256
 	default "sha384" if MODULE_SIG_SHA384
 	default "sha512" if MODULE_SIG_SHA512
-- 
2.51.1

On Tue, Nov 11, 2025 at 04:48:31PM +0100, Petr Pavlu wrote:
> SHA-1 is considered deprecated and insecure due to vulnerabilities that can
> lead to hash collisions. Most distributions have already been using SHA-2
> for module signing because of this. The default was also changed last year
> from SHA-1 to SHA-512 in commit f3b93547b91a ("module: sign with sha512
> instead of sha1 by default"). This was not reported to cause any issues.
> Therefore, it now seems to be a good time to remove SHA-1 support for
> module signing.
> 
> Commit 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support") previously
> removed support for reading PKCS#7/CMS signed with SHA-1, along with the
> ability to use SHA-1 for module signing. This change broke iwd and was
> subsequently completely reverted in commit 203a6763ab69 ("Revert "crypto:
> pkcs7 - remove sha1 support""). However, dropping only the support for
> using SHA-1 for module signing is unrelated and can still be done
> separately.
> 
> Note that this change only removes support for new modules to be SHA-1
> signed, but already signed modules can still be loaded.
> 
> Signed-off-by: Petr Pavlu <petr.pavlu@suse.com>
> ---
>  kernel/module/Kconfig | 5 -----
>  1 file changed, 5 deletions(-)
> 
> diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig
> index 2a1beebf1d37..be74917802ad 100644
> --- a/kernel/module/Kconfig
> +++ b/kernel/module/Kconfig
> @@ -299,10 +299,6 @@ choice
>  	  possible to load a signed module containing the algorithm to check
>  	  the signature on that module.
>  
> -config MODULE_SIG_SHA1
> -	bool "SHA-1"
> -	select CRYPTO_SHA1
> -
>  config MODULE_SIG_SHA256
>  	bool "SHA-256"
>  	select CRYPTO_SHA256
> @@ -332,7 +328,6 @@ endchoice
>  config MODULE_SIG_HASH
>  	string
>  	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
> -	default "sha1" if MODULE_SIG_SHA1
>  	default "sha256" if MODULE_SIG_SHA256
>  	default "sha384" if MODULE_SIG_SHA384
>  	default "sha512" if MODULE_SIG_SHA512
> -- 
> 2.51.1
> 

Agreed.

Reviewed-by: Aaron Tomlin <atomlin@atomlin.com>

-- 
Aaron Tomlin