On Fri, 2014-10-03 at 20:34 +0400, Andrei Borzenkov wrote:
On Fri, 03 Oct 2014 17:59:45 +0200 Per Jessen per@computer.org wrote:
Andrei Borzenkov wrote:
On Fri, 03 Oct 2014 17:37:10 +0200 Per Jessen per@computer.org wrote:
Christian Boltz wrote:
Hello,
In the meantime we can disable this fips stuff for openSUSE I guess as openSUSE won't be validated for fips anyways, right?
Can you explain what this "fips stuff" is, please?
I guess it's some US federal thing:
https://de.wikipedia.org/wiki/Federal_Information_Processing_Standard
Should anything fips* be required for openSUSE? In YaST during installation I tried to remove it, but it complained that it was required by openssh and grub2.
Sorry? *What* was required by grub2 exactly?
I tried taboo'ing fipscheck and libfips* (I think it was) - openssh and grub2 complained about those being required. I'll double-check.
What do you mean "grub2 complained"? You mean "yast complained these are required for grub2"? There is no such dependency in any grub2 RPM - it is linked with libdevmapper, libfreetype, libfuse and liblzma. And fips* is not listed as an explicit dependency either.
The chain is easy to find, no?
fipscheck is required by libfipscheck1 is required by libcryptsetup4 is required by systemd... and as we all know: systemd is rather essential to boot a modern openSUSE system.
Cheers, Dominique
(and for the record: FIPS is a certification level which is probably important for SLE, which likely strives for a FIPS-140 certification. As openSUSE will likely never throw the money in to get such a cert, it's less important, but the tools can still make sense there).