As reported on the forum: https://forums.gentoo.org/viewtopic-t-1107190-highlight-.html
Linux kernel currently is bugged when LibreSSL is used and refuses to support anything higher than SHA1 for module signing. Since SHA1 is mostly considered insecure and prone to collision attacks it is pretty typical to use SHA256. See URL for current upstream bug.
The patch there is currently lying around in limbo for the past few months, so until they get around to landing, it should be included in Gentoo if libressl is used.
Kernel should build with LibreSSL supporting SHA256/512 etc.
Created attachment 657348 [details, diff]
sign-file: full functionality with modern LibreSSL
Patch from upstream kernel.org
I tend to reject this patch.
There's a reason why upstream did not accept the patch.
Also, current stable libressl version in Gentoo is
> /var/tmp/portage/dev-libs/libressl-3.1.3/image/usr/include/openssl/opensslv.h:#define LIBRESSL_VERSION_NUMBER 0x3010300fL
so we do not really need this patch.
(In reply to Thomas Deutschmann from comment #2)
> so we do not really need this patch.
For some reason compiling with module signing >=SHA256 still fails on latest stable kernel and latest stable LibreSSL for me. Same error.