Linux 6.7 Reducing The Roles For Some Insecure/Obsolete Crypto Algorithms

Written by Michael Larabel in Linux Kernel on 4 November 2023 at 06:18 AM EDT. 2 Comments
The crypto subsystem updates for the Linux 6.7 kernel includes the usual churn like various crypto acceleration updates for different SoCs and other routine changes plus is also limiting the role of some insecure and/or obsolete crypto hashing algorithms.

With the Linux 6.7 kernel, the role of SHA1 has been reduced. The crypto PKCS7 code has removed SHA1 support that means no more signing of kernel modules using SHA1 or importing SHA1 signed X.509 certificates. SHA1 remains in the kernel for use by drivers for different purposes but when it comes to signing modules or importing X.509 certificates, it's no more. SHA256 or better algorithms are available for signing kernel modules.

The Linux 6.7 crypto update also removes MD4 and MD5 hashing and signatures in X.509 certificates and signatures. MD4 and MD5 are deemed insecure or broken and already for years users should have been using an alternative hashing implementations. This was also likely the last user of the MD4 crypto code in the kernel.

Linux 6.7 also drops SHA-224 authenticode support in the mscode_parser since it has similar costs to SHA-256 and Windows Authentication infrastructure for Secure Boot keys never supported SHA-224. All Secure Boot keys for Linux have also always been using at least SHA-256.

Those are the main highlights of the crypto updates for the Linux 6.7 kernel merge window.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week