On Wed, Aug 28, 2013 at 12:54:54PM -0400, Jeff Mahoney wrote:
On 8/28/13 12:27 PM, Marcus Meissner wrote:
Hi folks,
please enable CONFIG_CRYPTO_FIPS
Default of fips is still 0 aka "off" afterwards, but you can then actually switch it on via fips=1.
It does seem to require that crypto self tests be enabled, though.
depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS CRYPTO_MANAGER_DISABLE_TESTS Disable run-time self tests that normally take place at algorithm registration. Not sure how much startup performance this will cost. Perhaps we could restrict this to only be called when FIPS is enabled, with a simple if (!fips_enabled) ? Ciao, Marcus -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org