From 0b32b5b8c119b932719020ed27dd8a43f80b50ee Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@google.com>
Date: Tue, 6 May 2025 17:30:34 +0000
Subject: [PATCH] Revert "module: sign with sha512 instead of sha1 by default"

This reverts commit 7c2f874c63a1a1f08f5cc86994e6719a22b43666 which is
commit f3b93547b91ad849b58eb5ab2dd070950ad7beb3 upstream.

It breaks the Android kernel build as BoringSSL can only sign with SHA1
for this Android branch, and we do not want to break the ABI by changing
the module signing process in this stable kernel branch.

It was only added upstream by Greg to get his ARM64 stable builds to
compile properly on the latest version of Fedora, which did NOT like to
sign with SHA1, so blame him :)

Bug: 161946584
Change-Id: I4901a37dd9ac4bdd54a712331e1288053f0d9fb9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
---
 kernel/module/Kconfig | 1 -
 1 file changed, 1 deletion(-)

diff --git a/kernel/module/Kconfig b/kernel/module/Kconfig
index e95ee970d2a7..ef66cce84d61 100644
--- a/kernel/module/Kconfig
+++ b/kernel/module/Kconfig
@@ -158,7 +158,6 @@ comment "Do not forget to sign required modules with scripts/sign-file"
 choice
 	prompt "Which hash algorithm should modules be signed with?"
 	depends on MODULE_SIG || IMA_APPRAISE_MODSIG
-	default MODULE_SIG_SHA512
 	help
 	  This determines which sort of hashing algorithm will be used during
 	  signature generation.  This algorithm _must_ be built into the kernel