首页 - Linux，OS - Main Content

Linux Kernel Shifts from SHA1 to SHA512 for Module Signing to Enhance Default Security

Many Linux distribution developers have already moved from the default SHA1 signature to SHA512 for kernel module signing. However, the Linux Kernel had been sticking with the SHA1 algorithm for module signing by default.

As the kernel version evolves, Linux Kernel 6.14 has started to default to the SHA512 algorithm for signing, significantly enhancing security compared to the SHA1 algorithm.

In the latest code merged into Linux Kernel 6.14, the kernel now defaults to using SHA512 while still supporting SHA1. The former, being more modern and secure, offers better resistance to attacks, as the SHA1 algorithm is gradually being phased out due to its vulnerabilities.

Switching to the SHA512 algorithm might cause some Linux distributions that use OpenSSL to encounter errors when attempting to sign kernel modules with SHA1, leading to kernel build failures.

However, as time progresses, the SHA512 algorithm is expected to become mainstream, at least within the Linux kernel, minimizing issues in kernel version builds.

Attached is the merged kernel code:

diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig
index 7c6588148d42d3..0c746a150e34e2 100644
--- a/kernel/module/Kconfig
+++ b/kernel/module/Kconfig
@@ -231,6 +231,7 @@ comment "Do not forget to sign required modules with scripts/sign-file"
choice prompt "Hash algorithm to sign modules" depends on MODULE_SIG || IMA_APPRAISE_MODSIG
+ default MODULE_SIG_SHA512 help This determines which sort of hashing algorithm will be used during signature generation. This algorithm _must_ be built into the kernel
base-commit: d3d1556696c1a993eec54ac585fe5bf677e07474
--
2.45.0

Linux(44)Linux Kernel(20)SHA1(1)SHA512(1)

Copyright Notice:
Thank you for reading. This article was written by Landian News, and the author is Brook.X. If you wish to repost this article, please include a link to the original: https://landian.news/article/5121.html

{{userData.name}}

Linux Kernel Shifts from SHA1 to SHA512 for Module Signing to Enhance Default Security

Linux Kernel version 6.2 released finally support Apple M1

You can now run Linux inside a PDF file, achieved essentially through a simulation layer.

Wine 10.0 Official Release Scheduled for Mid-January 2025: A Major Leap in Cross-Platform Compatibility

Transition from CentOS to Rocky Linux: Embrace the New 9.4 Release

Microsoft Updates WSL2 Subsystem Kernel to Linux 6.6 LTS

Linux Kernel to Fully Abandon USB RNDIS Protocol Due to Limited Use and Security Concerns

Microsoft is improving the WSL, with the new version set to support mirroring the host machine's network interface and utilizing external DNS.

Linux Kernel Project Removes Entries of Several Russian Contributors Due to "Compliance Requirements"

The First Indelible UEFI Malware for Linux Systems Emerges, Security Firms on High Alert

EA Announces APEX Will No Longer Support Linux Systems and Steam Deck/Proton Compatibility Due to Anti-Cheat Measures

[Download] VirtualBox 7.1.6 Official Release: Now with Support for Linux Kernel 6.13

[Download] Wine 10.0 Released: A Major Update to the Linux-Windows Compatibility Layer Software, Bringing Numerous Functional Improvements

Developer's Account Suspended by OpenAI for Utilizing ChatGPT to Operate a Turret (Automatic Rifle)

Salesforce Halts Engineering Hires as AI Boosts Productivity by 30%

ByteDance's Enterprise App Lark to Cease U.S. Services, Businesses Face Troublesome Migration

Debian 12.9 Official Release: Featuring Linux Kernel LTS 6.1 - Download/Upgrade Guide Included

NVIDIA Launches Palm-Sized AI Supercomputer Named Project Digits, Delivering 1 PetaFLOPS of Floating-Point Performance

Microsoft Confirms Fix in Progress for Windows 11 Explorer Icon Overlap and Menu Disarray

Japanese Copyright Organization Sues Adult Piracy Site MISSAV for $45 Million, Seizes Main Domain