diff mbox series

[v2] module: sign with sha512 instead of sha1 by default

Message ID 52ee32c0c92afc4d3263cea1f8a1cdc809728aff.1729088288.git.linux@leemhuis.info (mailing list archive)
State Handled Elsewhere
Headers show
Series [v2] module: sign with sha512 instead of sha1 by default | expand

Checks

Context Check Description
mcgrof/vmtest-modules-next-PR fail PR summary
mcgrof/vmtest-modules-next-VM_Test-1 success Logs for Run CI tests
mcgrof/vmtest-modules-next-VM_Test-2 success Logs for cleanup
mcgrof/vmtest-modules-next-VM_Test-0 fail Logs for Run CI tests
mcgrof/vmtest-modules-next-VM_Test-3 success Logs for cleanup
mcgrof/vmtest-modules-next-VM_Test-5 fail Logs for setup / Setup kdevops environment
mcgrof/vmtest-modules-next-VM_Test-4 success Logs for setup / Setup kdevops environment

Commit Message

Thorsten Leemhuis Oct. 16, 2024, 2:18 p.m. UTC
Switch away from using sha1 for module signing by default and use the
more modern sha512 instead, which is what among others Arch, Fedora,
RHEL, and Ubuntu are currently using for their kernels.

Sha1 has not been considered secure against well-funded opponents since
2005[1]; since 2011 the NIST and other organizations furthermore
recommended its replacement[2]. This is why OpenSSL on RHEL9, Fedora
Linux 41+[3], and likely some other current and future distributions
reject the creation of sha1 signatures, which leads to a build error of
allmodconfig configurations:

  80A20474797F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:342:
  make[4]: *** [.../certs/Makefile:53: certs/signing_key.pem] Error 1
  make[4]: *** Deleting file 'certs/signing_key.pem'
  make[4]: *** Waiting for unfinished jobs....
  make[3]: *** [.../scripts/Makefile.build:478: certs] Error 2
  make[2]: *** [.../Makefile:1936: .] Error 2
  make[1]: *** [.../Makefile:224: __sub-make] Error 2
  make[1]: Leaving directory '...'
  make: *** [Makefile:224: __sub-make] Error 2

This change makes allmodconfig work again and sets a default that is
more appropriate for current and future users, too.

Link: https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html [1]
Link: https://csrc.nist.gov/projects/hash-functions [2]
Link: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustsha1SigVer [3]
Signed-off-by: Thorsten Leemhuis <linux@leemhuis.info>
---

v2:
* use 'default MODULE_SIG_SHA512' in the "Hash algorithm to sign
  modules" choice instead of resorting the entries there.
* rewrite patch description
* drop RFC tag

v1: https://lore.kernel.org/all/42aa307d7ffae1851b4a8787f5c276dd0b3beece.1728543368.git.linux@leemhuis.info/
---
 kernel/module/Kconfig | 1 +
 1 file changed, 1 insertion(+)


base-commit: d3d1556696c1a993eec54ac585fe5bf677e07474

Comments

Sami Tolvanen Oct. 16, 2024, 3:30 p.m. UTC | #1
Hi Thorsten,

On Wed, Oct 16, 2024 at 7:18 AM Thorsten Leemhuis <linux@leemhuis.info> wrote:
>
> Switch away from using sha1 for module signing by default and use the
> more modern sha512 instead, which is what among others Arch, Fedora,
> RHEL, and Ubuntu are currently using for their kernels.
>
> Sha1 has not been considered secure against well-funded opponents since
> 2005[1]; since 2011 the NIST and other organizations furthermore
> recommended its replacement[2]. This is why OpenSSL on RHEL9, Fedora
> Linux 41+[3], and likely some other current and future distributions
> reject the creation of sha1 signatures, which leads to a build error of
> allmodconfig configurations:
>
>   80A20474797F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:342:
>   make[4]: *** [.../certs/Makefile:53: certs/signing_key.pem] Error 1
>   make[4]: *** Deleting file 'certs/signing_key.pem'
>   make[4]: *** Waiting for unfinished jobs....
>   make[3]: *** [.../scripts/Makefile.build:478: certs] Error 2
>   make[2]: *** [.../Makefile:1936: .] Error 2
>   make[1]: *** [.../Makefile:224: __sub-make] Error 2
>   make[1]: Leaving directory '...'
>   make: *** [Makefile:224: __sub-make] Error 2
>
> This change makes allmodconfig work again and sets a default that is
> more appropriate for current and future users, too.
>
> Link: https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html [1]
> Link: https://csrc.nist.gov/projects/hash-functions [2]
> Link: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustsha1SigVer [3]
> Signed-off-by: Thorsten Leemhuis <linux@leemhuis.info>
> ---
>
> v2:
> * use 'default MODULE_SIG_SHA512' in the "Hash algorithm to sign
>   modules" choice instead of resorting the entries there.
> * rewrite patch description
> * drop RFC tag
>
> v1: https://lore.kernel.org/all/42aa307d7ffae1851b4a8787f5c276dd0b3beece.1728543368.git.linux@leemhuis.info/
> ---
>  kernel/module/Kconfig | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig
> index 7c6588148d42d3..0c746a150e34e2 100644
> --- a/kernel/module/Kconfig
> +++ b/kernel/module/Kconfig
> @@ -231,6 +231,7 @@ comment "Do not forget to sign required modules with scripts/sign-file"
>  choice
>         prompt "Hash algorithm to sign modules"
>         depends on MODULE_SIG || IMA_APPRAISE_MODSIG
> +       default MODULE_SIG_SHA512
>         help
>           This determines which sort of hashing algorithm will be used during
>           signature generation.  This algorithm _must_ be built into the kernel

This looks good to me. Thank you for the patch!

Reviewed-by: Sami Tolvanen <samitolvanen@google.com>

Sami
Luis Chamberlain Oct. 19, 2024, 10:57 p.m. UTC | #2
On Wed, Oct 16, 2024 at 04:18:41PM +0200, Thorsten Leemhuis wrote:
> Switch away from using sha1 for module signing by default and use the
> more modern sha512 instead, which is what among others Arch, Fedora,
> RHEL, and Ubuntu are currently using for their kernels.
> 
> Sha1 has not been considered secure against well-funded opponents since
> 2005[1]; since 2011 the NIST and other organizations furthermore
> recommended its replacement[2]. This is why OpenSSL on RHEL9, Fedora
> Linux 41+[3], and likely some other current and future distributions
> reject the creation of sha1 signatures, which leads to a build error of
> allmodconfig configurations:
> 
>   80A20474797F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:342:
>   make[4]: *** [.../certs/Makefile:53: certs/signing_key.pem] Error 1
>   make[4]: *** Deleting file 'certs/signing_key.pem'
>   make[4]: *** Waiting for unfinished jobs....
>   make[3]: *** [.../scripts/Makefile.build:478: certs] Error 2
>   make[2]: *** [.../Makefile:1936: .] Error 2
>   make[1]: *** [.../Makefile:224: __sub-make] Error 2
>   make[1]: Leaving directory '...'
>   make: *** [Makefile:224: __sub-make] Error 2
> 
> This change makes allmodconfig work again and sets a default that is
> more appropriate for current and future users, too.
> 
> Link: https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html [1]
> Link: https://csrc.nist.gov/projects/hash-functions [2]
> Link: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustsha1SigVer [3]
> Signed-off-by: Thorsten Leemhuis <linux@leemhuis.info>

Thanks!

Tested-by: kdevops <kdevops@lists.linux.dev> [0]
Links: https://github.com/linux-kdevops/linux-modules-kpd/actions/runs/11420092929/job/31775404330 # [0]

Applied and pushed!

  Luis
diff mbox series

Patch

diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig
index 7c6588148d42d3..0c746a150e34e2 100644
--- a/kernel/module/Kconfig
+++ b/kernel/module/Kconfig
@@ -231,6 +231,7 @@  comment "Do not forget to sign required modules with scripts/sign-file"
 choice
 	prompt "Hash algorithm to sign modules"
 	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
+	default MODULE_SIG_SHA512
 	help
 	  This determines which sort of hashing algorithm will be used during
 	  signature generation.  This algorithm _must_ be built into the kernel