From patchwork Wed Oct 25 10:42:12 2023
X-Patchwork-Submitter: Lukas Bulwahn
X-Patchwork-Id: 158022
From: Lukas Bulwahn
To: Dimitri John Ledkov, Herbert Xu, David Howells, David Woodhouse, Jonathan Corbet, Luis Chamberlain, linux-modules@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linux-doc@vger.kernel.org
Cc: kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org, Lukas Bulwahn
Subject: [PATCH] docs: module-signing: adjust guide after sha1 and sha224 support is gone
Date: Wed, 25 Oct 2023 12:42:12 +0200
Message-Id: <20231025104212.12738-1-lukas.bulwahn@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Commit 16ab7cb5825f ("crypto: pkcs7 - remove sha1 support") and commit
fc3225fd6f1e ("module: Do not offer sha224 for built-in module signing")
remove sha1 and sha224 support for kernel module signing. Adjust the
module-signing admin guide documentation to those changes.

Signed-off-by: Lukas Bulwahn
Acked-by: Dimitri John ledkov
---
 Documentation/admin-guide/module-signing.rst | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/Documentation/admin-guide/module-signing.rst b/Documentation/admin-guide/module-signing.rst index 2898b2703297..e3ea1def4c0c 100644 --- a/Documentation/admin-guide/module-signing.rst +++ b/Documentation/admin-guide/module-signing.rst
@@ -30,8 +30,8 @@ This facility uses X.509 ITU-T standard certificates to encode the public keys involved. The signatures are not themselves encoded in any industrial standard type. The facility currently only supports the RSA public key encryption standard (though it is pluggable and permits others to be used). The possible -hash algorithms that can be used are SHA-1, SHA-224, SHA-256, SHA-384, and -SHA-512 (the algorithm is selected by data in the signature). +hash algorithms that can be used are SHA-256, SHA-384, and SHA-512 (the +algorithm is selected by data in the signature). ========================== @@ -81,8 +81,6 @@ This has a number of options available: sign the modules with: =============================== ========================================== - ``CONFIG_MODULE_SIG_SHA1`` :menuselection:`Sign modules with SHA-1` - ``CONFIG_MODULE_SIG_SHA224`` :menuselection:`Sign modules with SHA-224` ``CONFIG_MODULE_SIG_SHA256`` :menuselection:`Sign modules with SHA-256` ``CONFIG_MODULE_SIG_SHA384`` :menuselection:`Sign modules with SHA-384` ``CONFIG_MODULE_SIG_SHA512`` :menuselection:`Sign modules with SHA-512`
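
Review bot: The commit message does not back the stronger claim that the first hunk (@@ -30,8 +30,8 @@) now makes. The rewritten sentence lists the hash algorithms that "can be used" and says the algorithm is "selected by data in the signature", which reads as a statement about what the kernel accepts when it verifies a module, while the subject quoted for fc3225fd6f1e only says sha224 is no longer offered for built-in module signing. Please state in the commit message whether a module signed with SHA-224 is still accepted at load time; if it is, word this sentence so that it separates what can be selected for signing from what is accepted at verification.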
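
Review bot: Missing documentation in the second hunk (@@ -81,8 +81,6 @@): the ``CONFIG_MODULE_SIG_SHA1`` and ``CONFIG_MODULE_SIG_SHA224`` rows disappear from the table with no word for an administrator whose existing configuration selects one of them. Consider one sentence below the table saying that SHA-1 and SHA-224 are no longer available and that one of the three remaining options must be chosen, so the guide explains the change rather than only omitting the entries.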