Consider migrating dm_verity to SHA256
Issue description

SHA1 is at its end of life, so we should seriously consider switching dm_verity, as used for verified boot, to a more modern hash algorithm, e.g. SHA256 or SHA512. Before we do so, we should run a few measurements on Intel and ARM devices to see whether there's any adverse impact on boot timings. In terms of changes required, we'll probably be OK with build time changes since the device mapper table that specifies the hash algorithm is passed in the kernel command line.
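Because the hash algorithm travels in the device mapper table on the kernel command line, a build or fleet check can read it back and flag SHA1. The following is an added example, not part of the original issue or of Chromium's code: the `dm="..."` wrapper and the keyed `alg=` layout are assumptions about a Chrome OS style command line, the positional layout follows the kernel's dm-verity documentation, and both sample command lines are constructed.

```python
import re

WEAK_HASHES = {"md5", "sha1"}  # algorithms this check treats as end-of-life

# Constructed samples; device names, digests and salts are placeholders.
SAMPLE_KEYED = ('root=/dev/dm-0 dm_verity.dev_wait=1 '
                'dm="1 vroot none ro 1,0 2539520 verity payload=ROOT_DEV '
                'hashtree=HASH_DEV hashstart=2539520 alg=sha1 '
                'root_hexdigest=<digest> salt=<salt>"')
SAMPLE_POSITIONAL = ('root=/dev/dm-0 '
                     'dm="1 vroot none ro 1,0 2539520 verity 1 /dev/sda3 /dev/sda3 '
                     '4096 4096 317440 317440 sha256 <digest> <salt>"')


def verity_hash_alg(args):
    """Hash algorithm from the arguments that follow the 'verity' target type."""
    keyed = dict(a.split("=", 1) for a in args if "=" in a)
    if "alg" in keyed:  # keyed form (assumed Chrome OS style)
        return keyed["alg"].lower()
    # Positional form from the kernel dm-verity documentation:
    # version dev hash_dev data_bs hash_bs num_blocks hash_start algorithm digest salt
    if len(args) >= 10:
        return args[7].lower()
    raise ValueError("unrecognised verity table: %r" % " ".join(args))


def audit_cmdline(cmdline):
    """Return [(algorithm, is_weak)] for each verity target in dm="..." parameters."""
    findings = []
    for table in re.findall(r'\bdm="([^"]*)"', cmdline):
        # Assumed layout: "<devices> <name> <uuid> <mode> <targets>,<start> <len> <type> <args>"
        for target in table.split(",")[1:]:
            tokens = target.split()
            if len(tokens) > 3 and tokens[2] == "verity":
                alg = verity_hash_alg(tokens[3:])
                findings.append((alg, alg in WEAK_HASHES))
    return findings


if __name__ == "__main__":
    for name, line in (("keyed", SAMPLE_KEYED), ("positional", SAMPLE_POSITIONAL)):
        for alg, weak in audit_cmdline(line):
            print(name, alg, "WEAK" if weak else "ok")
```

On a running device the same function can be fed the contents of `/proc/cmdline`.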
,
May 17 2017
Wrong link?
,
May 18 2017
The NextAction date has arrived: 2017-05-18
,
May 18 2017
Correct link is this: https://chromium-review.googlesource.com/c/503032/ I'll see whether I can push this forward as a side project. If anyone feels this should receive more attention, feel free to grab the bug and run with it.
,
May 22 2017
Should we make sure CONFIG_CRYPTO_SHA256_SSSE3 is turned on?
,
May 22 2017
,
May 23 2017
Enabling the right crypto kernel config options is a good point. I'll take this into account when measuring performance.
,
May 30 2017
The NextAction date has arrived: 2017-05-30
,
May 30 2017
Busy with more important stuff. Since this is Pri-3 anyways, I'll drop the NextAction field for now.
,
Jun 20 2017
Came across another use of SHA1 in the recovery installer, filed a separate bug for that: https://bugs.chromium.org/p/chromium/issues/detail?id=734968
,
Aug 30
Relinquishing ownership for now given that I'm busy with other stuff.
,
Aug 30
Would we consider this a "good first bug"?
,
Aug 30
Comment 1 by mnissler@chromium.org, May 11 2017