Linux 7.0 Removes Support For Signing Modules With Insecure SHA-1
([Linux Kernel] 6 Hours Ago
Linux 7.0 Modules)
- Reference: 0001613016
- News link: https://www.phoronix.com/news/Linux-7.0-Modules-No-SHA1-Sign
- Source link:
The Linux 7.0 kernel has removed support for signing kernel modules using SHA-1, as it is no longer considered secure, but existing SHA-1 signed modules can still be loaded.
Merged for Linux 7.0 are the module changes, which include removing support for SHA-1 module signing since it is no longer considered secure due to the possibility of hash collisions. This shouldn't come as too much of a surprise, as months ago we reported on [1] Linux looking to drop SHA-1 signing support for kernel modules/drivers. SHA-1 is outdated, collisions can exist, it was already marked as deprecated in the mainline kernel, and there are better modern alternatives that major Linux distribution vendors have since adopted.
"Remove SHA-1 support for signing modules. SHA-1 is no longer considered secure for signatures due to vulnerabilities that can lead to hash collisions. None of the major distributions use SHA-1 anymore, and the kernel has defaulted to SHA-512 since v6.11. Note that loading SHA-1 signed modules is still supported."
The modules [2] pull request was merged for Linux 7.0 without issue.
[1] https://www.phoronix.com/news/Linux-Patch-Drop-SHA1-Mod-Sign
[2] https://lore.kernel.org/lkml/20260209155527.1385229-2-samitolvanen@google.com/
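Because loading SHA-1 signed modules is still supported, an audit of which module files carry a SHA-1 signature is a natural follow-up. The sketch below is an added example, not code from the kernel or from the article: it reads the appended-signature trailer of an uncompressed `.ko` file and looks for a digest-algorithm OID in the PKCS#7 blob, which is a heuristic rather than a full CMS parse. The function names and the sample bytes are constructed for illustration.

```python
import struct
import sys

MAGIC = b"~Module signature appended~\n"  # marker at the very end of a signed module
PKEY_ID_PKCS7 = 2                          # id_type used for PKCS#7/CMS signatures
# DER-encoded digest OIDs (tag 0x06, length, value) searched for in the blob.
DIGEST_OIDS = {
    bytes.fromhex("06052b0e03021a"): "sha1",
    bytes.fromhex("0609608648016503040201"): "sha256",
    bytes.fromhex("0609608648016503040202"): "sha384",
    bytes.fromhex("0609608648016503040203"): "sha512",
}

def module_sig_hash(data: bytes) -> str:
    """Return the digest name of an appended signature, 'unsigned' or 'unknown'."""
    if not data.endswith(MAGIC):
        return "unsigned"
    end = len(data) - len(MAGIC)
    if end < 12:
        return "unknown"
    # struct module_signature: algo, hash, id_type, signer_len, key_id_len,
    # 3 pad bytes, then a big-endian 32-bit signature length.
    _, _, id_type, _, _, sig_len = struct.unpack(">5B3xI", data[end - 12:end])
    if id_type != PKEY_ID_PKCS7 or sig_len > end - 12:
        return "unknown"
    blob = data[end - 12 - sig_len:end - 12]
    found = {name for oid, name in DIGEST_OIDS.items() if oid in blob}
    return found.pop() if len(found) == 1 else "unknown"

def constructed_module(oid: bytes) -> bytes:
    """Constructed sample: fake module body, stand-in signature blob, trailer."""
    blob = b"\x30\x0b" + oid + b"\x05\x00" + b"\xaa" * 16  # not a valid CMS structure
    info = struct.pack(">5B3xI", 0, 0, PKEY_ID_PKCS7, 0, 0, len(blob))
    return b"\x7fELF" + b"\x00" * 32 + blob + info + MAGIC

if __name__ == "__main__":
    for path in sys.argv[1:]:  # pass uncompressed .ko files
        with open(path, "rb") as f:
            print(path, module_sig_hash(f.read()))
```

Compressed modules (`.ko.xz`, `.ko.zst`) need to be decompressed first, since the signature is appended to the uncompressed file.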