tmakin/ack-tegra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "module: sign with sha512 instead of sha1 by default"

Browse Source 
This reverts commit e62c31802d which is
commit f3b93547b91ad849b58eb5ab2dd070950ad7beb3 upstream.

It breaks the Android kernel build as BoringSSL can only sign with SHA1
for this Android branch, and we do not want to break the ABI by changing
the module signing process in this stable kernel branch.

It was only added upstream by Greg to get his ARM64 stable builds to
compile properly on the latest version of Fedora, which did NOT like to
sign with SHA1, so blame him :)

Bug: 161946584
Change-Id: I4901a37dd9ac4bdd54a712331e1288053f0d9fb9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
This commit is contained in:
Greg Kroah-Hartman
2025-05-21 07:39:26 +00:00
parent 452a0ec59d
commit c03fd6f483
1 changed files with 0 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
kernel/module/Kconfig
View File

@@ -313,7 +313,6 @@ comment "Do not forget to sign required modules with scripts/sign-file"
choice
prompt "Hash algorithm to sign modules"
depends on MODULE_SIG || IMA_APPRAISE_MODSIG
default MODULE_SIG_SHA512
help
This determines which sort of hashing algorithm will be used during
signature generation. This algorithm _must_ be built into the kernel