linux-modules.vger.kernel.org archive mirror
* [PATCH] docs: module-signing: adjust guide after sha1 and sha224 support is gone
@ 2023-10-25 10:42 Lukas Bulwahn
  2023-10-25 12:57 ` Dimitri John Ledkov
  0 siblings, 1 reply; 3+ messages in thread
From: Lukas Bulwahn @ 2023-10-25 10:42 UTC (permalink / raw)
  To: Dimitri John Ledkov, Herbert Xu, David Howells, David Woodhouse,
	Jonathan Corbet, Luis Chamberlain, linux-modules, keyrings,
	linux-crypto, linux-doc
  Cc: kernel-janitors, linux-kernel, Lukas Bulwahn

Commit 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support") and commit
fc3225fd6f1e ("module: Do not offer sha224 for built-in module signing")
remove sha1 and sha224 support for kernel module signing.

Adjust the module-signing admin guide documentation to those changes.

Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>
---
 Documentation/admin-guide/module-signing.rst | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/Documentation/admin-guide/module-signing.rst b/Documentation/admin-guide/module-signing.rst
index 2898b2703297..e3ea1def4c0c 100644
--- a/Documentation/admin-guide/module-signing.rst
+++ b/Documentation/admin-guide/module-signing.rst
@@ -30,8 +30,8 @@ This facility uses X.509 ITU-T standard certificates to encode the public keys
 involved.  The signatures are not themselves encoded in any industrial standard
 type.  The facility currently only supports the RSA public key encryption
 standard (though it is pluggable and permits others to be used).  The possible
-hash algorithms that can be used are SHA-1, SHA-224, SHA-256, SHA-384, and
-SHA-512 (the algorithm is selected by data in the signature).
+hash algorithms that can be used are SHA-256, SHA-384, and SHA-512 (the
+algorithm is selected by data in the signature).
 
 
 ==========================
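Review bot: The rewritten sentence "hash algorithms that can be used are SHA-256, SHA-384, and SHA-512" drops SHA-224 from the list of hashes the facility accepts, yet the subject of the cited commit fc3225fd6f1e only says sha224 is no longer offered for built-in module signing. If a module signed with SHA-224 by an external tool would still verify, this sentence now understates what is accepted. Please confirm that such signatures are rejected, or reword the sentence so it describes the hashes selectable for signing at build time.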
@@ -81,8 +81,6 @@ This has a number of options available:
      sign the modules with:
 
         =============================== ==========================================
-	``CONFIG_MODULE_SIG_SHA1``	:menuselection:`Sign modules with SHA-1`
-	``CONFIG_MODULE_SIG_SHA224``	:menuselection:`Sign modules with SHA-224`
 	``CONFIG_MODULE_SIG_SHA256``	:menuselection:`Sign modules with SHA-256`
 	``CONFIG_MODULE_SIG_SHA384``	:menuselection:`Sign modules with SHA-384`
 	``CONFIG_MODULE_SIG_SHA512``	:menuselection:`Sign modules with SHA-512`
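Review bot: With the ``CONFIG_MODULE_SIG_SHA1`` and ``CONFIG_MODULE_SIG_SHA224`` rows deleted from this table, the guide gives no hint to someone carrying an older .config that still names one of them. Consider a sentence under the table stating that those two options are gone and that one of the three remaining options must be selected. The SHA-3 series mentioned in the reply touches this same documentation, so whichever change lands second will need a rebase here.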
-- 
2.17.1



* Re: [PATCH] docs: module-signing: adjust guide after sha1 and sha224 support is gone
  2023-10-25 10:42 [PATCH] docs: module-signing: adjust guide after sha1 and sha224 support is gone Lukas Bulwahn
@ 2023-10-25 12:57 ` Dimitri John Ledkov
  2023-10-25 16:12   ` Ben Boeckel
  0 siblings, 1 reply; 3+ messages in thread
From: Dimitri John Ledkov @ 2023-10-25 12:57 UTC (permalink / raw)
  To: Lukas Bulwahn
  Cc: Herbert Xu, David Howells, David Woodhouse, Jonathan Corbet,
	Luis Chamberlain, linux-modules, keyrings, linux-crypto,
	linux-doc, kernel-janitors, linux-kernel

Hi,

On Wed, 25 Oct 2023 at 11:42, Lukas Bulwahn <lukas.bulwahn@gmail.com> wrote:
>
> Commit 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support") and commit
> fc3225fd6f1e ("module: Do not offer sha224 for built-in module signing")
> remove sha1 and sha224 support for kernel module signing.
>
> Adjust the module-signing admin guide documentation to those changes.
>
> Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>

Note I have submitted this change as part of the patch series that
adds SHA-3 over at
https://lore.kernel.org/linux-crypto/20231022182208.188714-1-dimitri.ledkov@canonical.com/T/#m81c32a65341a4de39596b72743ba38d46899016f

But indeed, if that patch series doesn't make it into the cryptodev
tree, then this documentation should go in, and the sha-3 one rebased
/ adjusted.

Sorry for not patching documentation at the same time as the code
changes that made documentation out of date.

Acked-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>

> ---
>  Documentation/admin-guide/module-signing.rst | 6 ++----
>  1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/Documentation/admin-guide/module-signing.rst b/Documentation/admin-guide/module-signing.rst
> index 2898b2703297..e3ea1def4c0c 100644
> --- a/Documentation/admin-guide/module-signing.rst
> +++ b/Documentation/admin-guide/module-signing.rst
> @@ -30,8 +30,8 @@ This facility uses X.509 ITU-T standard certificates to encode the public keys
>  involved.  The signatures are not themselves encoded in any industrial standard
>  type.  The facility currently only supports the RSA public key encryption
>  standard (though it is pluggable and permits others to be used).  The possible
> -hash algorithms that can be used are SHA-1, SHA-224, SHA-256, SHA-384, and
> -SHA-512 (the algorithm is selected by data in the signature).
> +hash algorithms that can be used are SHA-256, SHA-384, and SHA-512 (the
> +algorithm is selected by data in the signature).
>
>
>  ==========================
> @@ -81,8 +81,6 @@ This has a number of options available:
>       sign the modules with:
>
>          =============================== ==========================================
> -       ``CONFIG_MODULE_SIG_SHA1``      :menuselection:`Sign modules with SHA-1`
> -       ``CONFIG_MODULE_SIG_SHA224``    :menuselection:`Sign modules with SHA-224`
>         ``CONFIG_MODULE_SIG_SHA256``    :menuselection:`Sign modules with SHA-256`
>         ``CONFIG_MODULE_SIG_SHA384``    :menuselection:`Sign modules with SHA-384`
>         ``CONFIG_MODULE_SIG_SHA512``    :menuselection:`Sign modules with SHA-512`
> --
> 2.17.1
>


-- 
okurrr,

Dimitri


* Re: [PATCH] docs: module-signing: adjust guide after sha1 and sha224 support is gone
  2023-10-25 12:57 ` Dimitri John Ledkov
@ 2023-10-25 16:12   ` Ben Boeckel
  0 siblings, 0 replies; 3+ messages in thread
From: Ben Boeckel @ 2023-10-25 16:12 UTC (permalink / raw)
  To: Dimitri John Ledkov
  Cc: Lukas Bulwahn, Herbert Xu, David Howells, David Woodhouse,
	Jonathan Corbet, Luis Chamberlain, linux-modules, keyrings,
	linux-crypto, linux-doc, kernel-janitors, linux-kernel

On Wed, Oct 25, 2023 at 13:57:08 +0100, Dimitri John Ledkov wrote:
> Sorry for not patching documentation at the same time as the code
> changes that made documentation out of date.

Should this, perhaps, get a `Fixes` trailer then?

--Ben
