On Tue, Oct 10, 2023 at 10:25:29PM +0100, Dimitri John Ledkov wrote: > It is possible to stand up own certificates and sign PE-COFF binaries > using SHA-224. However it never became popular or needed since it has > similar costs as SHA-256. Windows Authenticode infrastructure never > had support for SHA-224, and all secureboot keys used fro linux > vmlinuz have always been using at least SHA-256. > > Given the point of mscode_parser is to support interoperatiblity with > typical de-facto hashes, remove support for SHA-224 to avoid > posibility of creating interoperatibility issues with rhboot/shim, > grub, and non-linux systems trying to sign or verify vmlinux. > > SHA-224 itself is not removed from the kernel, as it is truncated > SHA-256. If requested I can write patches to remove SHA-224 support > across all of the drivers. > > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@xxxxxxxxxxxxx> > --- > crypto/asymmetric_keys/mscode_parser.c | 3 --- > 1 file changed, 3 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
