From: Stephan Mueller <stephan.mueller@atsec.com>
To: Rusty Russell <rusty@rustcorp.com.au>
Cc: Kyle McMartin <kyle@redhat.com>,
linux-kernel@vger.kernel.org, David Howells <dhowells@redhat.com>,
jstancek@redhat.com
Subject: Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned
Date: Fri, 25 Jan 2013 13:46:17 +0100 [thread overview]
Message-ID: <51027E99.1060908@atsec.com> (raw)
In-Reply-To: <874ni6qhlq.fsf@rustcorp.com.au>
On 25.01.2013 00:36:01, +0100, Rusty Russell <rusty@rustcorp.com.au> wrote:
Hi Rusty at al,
while we are at FIPS discussions, may I propose a slight fix because the
FIPS mode is not covering the FIPS 200 (a management system set of
requirements), but FIPS 140-2 covering implementation requirements for
cryptography.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
--- Kconfig.orig 2013-01-25 13:42:54.649705380 +0100
+++ Kconfig 2013-01-25 13:43:16.737705712 +0100
@@ -22,11 +22,11 @@
comment "Crypto core or helper"
config CRYPTO_FIPS
- bool "FIPS 200 compliance"
+ bool "FIPS 140-2 compliance"
depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS
help
This options enables the fips boot option which is
- required if you want to system to operate in a FIPS 200
+ required if you want to system to operate in a FIPS 140-2
certification. You should say no unless you know what
this is.
next prev parent reply other threads:[~2013-01-25 12:46 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-22 18:43 [PATCH] MODSIGN: only panic in fips mode if sig_enforce is set Kyle McMartin
2013-01-22 23:17 ` Rusty Russell
2013-01-23 11:26 ` David Howells
2013-01-23 15:18 ` Stephan Mueller
2013-01-24 14:59 ` Kyle McMartin
2013-01-25 11:28 ` Stephan Mueller
2013-01-24 19:06 ` [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned Kyle McMartin
2013-01-24 19:21 ` Kyle McMartin
2013-01-24 23:36 ` Rusty Russell
2013-01-25 5:45 ` Kyle McMartin
2013-01-25 12:42 ` Stephan Mueller
2013-02-03 23:34 ` Rusty Russell
2013-01-25 12:46 ` Stephan Mueller [this message]
2013-01-25 12:18 ` Stephan Mueller
2013-02-05 22:58 ` [RFC PATCH] fips: check whether a module registering an alg or template is signed Kyle McMartin
2013-02-06 8:02 ` Stephan Mueller
2013-02-06 16:15 ` Kyle McMartin
2013-02-06 17:45 ` Stephan Mueller
2013-02-06 18:18 ` Kyle McMartin
2013-01-25 0:14 ` [PATCH] MODSIGN: flag modules that use cryptoapi and only panic if those are unsigned David Howells
2013-01-25 3:20 ` Matthew Garrett
2013-01-25 12:23 ` Stephan Mueller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51027E99.1060908@atsec.com \
--to=stephan.mueller@atsec.com \
--cc=dhowells@redhat.com \
--cc=jstancek@redhat.com \
--cc=kyle@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).