mirror of
https://github.com/torvalds/linux
synced 2024-10-06 11:25:23 +00:00
module: Do not offer sha224 for built-in module signing
sha224 does not provide enough security against collision attacks relative to the default keys used for signing (RSA 4k & P-384). Also sha224 never became popular, as sha256 got widely adopted ahead of sha224 being introduced. Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
parent
c1d760a471
commit
fc3225fd6f
|
@ -236,10 +236,6 @@ choice
|
|||
possible to load a signed module containing the algorithm to check
|
||||
the signature on that module.
|
||||
|
||||
config MODULE_SIG_SHA224
|
||||
bool "Sign modules with SHA-224"
|
||||
select CRYPTO_SHA256
|
||||
|
||||
config MODULE_SIG_SHA256
|
||||
bool "Sign modules with SHA-256"
|
||||
select CRYPTO_SHA256
|
||||
|
@ -257,7 +253,6 @@ endchoice
|
|||
config MODULE_SIG_HASH
|
||||
string
|
||||
depends on MODULE_SIG || IMA_APPRAISE_MODSIG
|
||||
default "sha224" if MODULE_SIG_SHA224
|
||||
default "sha256" if MODULE_SIG_SHA256
|
||||
default "sha384" if MODULE_SIG_SHA384
|
||||
default "sha512" if MODULE_SIG_SHA512
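Review bot: A saved .config that sets CONFIG_MODULE_SIG_SHA224=y loses its selection once this entry is removed. The `choice` header lies outside the hunk, so the hash such a tree falls back to on `make oldconfig` cannot be seen here; it is worth confirming that it is SHA-256 or stronger and stating it in the commit message. The hunks drop only the signing-side option and the `default "sha224" if MODULE_SIG_SHA224` line, so whether modules signed with sha224 elsewhere are still accepted at load time is not settled by what is shown and presumably needs separate handling. A comment above the remaining entries, such as `# SHA-224 is intentionally not offered: its collision resistance is weaker than the default signing keys`, would discourage re-adding the option.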
|
||||
|
|