Am Freitag, 14. Januar 2022, 11:55:26 CET schrieb Herbert Xu: Hi Herbert, > > On an unrelated note, this will break trusted_key_tpm_ops->init() in > > FIPS mode, because trusted_shash_alloc() would fail to get a hold of > > sha1. AFAICT, this could potentially make the init_trusted() module_init > > to fail, and, as encrypted-keys.ko imports key_type_trusted, prevent the > > loading of that one as well. Not sure that's desired... > > Well if sha1 is supposed to be forbidden in FIPS mode why should SHA-1 is approved in all use cases except signatures. Ciao Stephan
