Switch IMA default hash to sha256
Bug #2041735 reported by
Dimitri John Ledkov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Switch IMA default hash to sha256
Some arches use sha256, others sha1.
sha256 is widely accelerated now.
most use sha256.
sha1 usage must stop after 2030, for NIST compliance.
One can switch to sha1 with kernel command line ima_hash=sha1
description: | updated |
To post a comment you must log in.
This bug was fixed in the package linux - 6.6.0-14.14
---------------
linux (6.6.0-14.14) noble; urgency=medium
* noble/linux: 6.6.0-14.14 -proposed tracker (LP: #2045243)
* Noble update: v6.6.3 upstream stable release (LP: #2045244) ww_mutex/ test: Fix potential workqueue corruption radix-tree. c: Don't overflow in peek() drivers/ timer-imx- gpt: Fix potential memory leak drivers/ timer-atmel- tcb: Fix initialization on SAM9 hardware get_tx_ power() htt_pull_ ppdu_stats( ) wmi_ext_ hal_reg_ caps() tx_queue_ mapping dst_pending_ confirm mhi_register( )
- locking/
- btrfs: abort transaction on generation mismatch when marking eb as dirty
- lib/generic-
- x86/retpoline: Make sure there are no unconverted return thunks due to KCSAN
- perf/core: Bail out early if the request AUX area is out of bound
- srcu: Fix srcu_struct node grpmask overflow on 64-bit systems
- selftests/lkdtm: Disable CONFIG_UBSAN_TRAP in test config
- clocksource/
- clocksource/
- srcu: Only accelerate on enqueue time
- smp,csd: Throw an error if a CSD lock is stuck for too long
- cpu/hotplug: Don't offline the last non-isolated CPU
- workqueue: Provide one lock class key per work_on_cpu() callsite
- x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
- wifi: plfxlc: fix clang-specific fortify warning
- wifi: ath12k: Ignore fragments from uninitialized peer in dp
- wifi: mac80211_hwsim: fix clang-specific fortify warning
- wifi: mac80211: don't return unset power in ieee80211_
- atl1c: Work around the DMA RX overflow issue
- bpf: Detect IP == ksym.end as part of BPF program
- wifi: ath9k: fix clang-specific fortify warnings
- wifi: ath12k: fix possible out-of-bound read in ath12k_
- wifi: ath10k: fix clang-specific fortify warning
- wifi: ath12k: fix possible out-of-bound write in
ath12k_
- ACPI: APEI: Fix AER info corruption when error status data has multiple
sections
- net: sfp: add quirk for Fiberstone GPON-ONU-34-20BI
- wifi: mt76: mt7921e: Support MT7992 IP in Xiaomi Redmibook 15 Pro (2023)
- wifi: mt76: fix clang-specific fortify warnings
- net: annotate data-races around sk->sk_
- net: annotate data-races around sk->sk_
- wifi: ath12k: mhi: fix potential memory leak in ath12k_
- wifi: ath10k: Don't touch the CE interrupt registers after power up
- net: sfp: add quirk for FS's 2.5G copper SFP
- vsock: read from socket's error queue
- bpf: Ensure proper register state printing for cond jumps
- wifi: iwlwifi: mvm: fix size check for fw_link_id
- Bluetooth: btusb: Add date->evt_skb is NULL check
- Bluetooth: Fix double free in hci_conn_cleanup
- ACPI: EC: Add quirk for HP 250 G7 Notebook PC
- tsnep: Fix tsnep_request_irq() format-overflow warning
- gpiolib: acpi: Add a ignore interrupt quirk for Peaq C1010
- platform/chrome: kunit: initialize lock for fake ec_dev
- of: address: Fix address translation when address-size is greater than 2
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e
- drm/gma500: Fix call trace when psb_gem_mm_init() fails
- drm/amdkfd: rateli...