On 11/11/2023 5:44 pm, Eric Biggers wrote: > On Fri, Nov 10, 2023 at 05:27:44PM -0500, Ross Philipson wrote: >> arch/x86/boot/compressed/early_sha1.c | 12 ++++ >> lib/crypto/sha1.c | 81 +++++++++++++++++++++++++ > It's surprising to still see this new use of SHA-1 after so many people objected > to it in the v6 patchset. It's also frustrating that the SHA-1 support is still > being obfuscated by being combined in one patch with SHA-2 support, perhaps in > an attempt to conflate the two algorithms and avoid having to give a rationale > for the inclusion of SHA-1. Finally, new functions should not be added to > lib/crypto/sha1.c unless those functions have multiple users. The rational was given. Let me reiterate it. There are real TPMs in the world that can't use SHA-2. The use of SHA-1 is necessary to support DRTM on such systems, and there are real users of such configurations. DRTM with SHA-1-only is a damnsight better than no DTRM, even if SHA-1 is getting a little long in the tooth. So unless you have a credible plan to upgrade every non-SHA-2 TPM in the world, you are deliberately breaking part of the usecase paying for the effort of trying to upstream DRTM support into Linux. ~Andrew
