| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <51027E99.1060908@atsec.com>
Date: Fri, 25 Jan 2013 13:46:17 +0100
From: Stephan Mueller <stephan.mueller@...ec.com>
To: Rusty Russell <rusty@...tcorp.com.au>
CC: Kyle McMartin <kyle@...hat.com>, linux-kernel@...r.kernel.org,
David Howells <dhowells@...hat.com>, jstancek@...hat.com
Subject: Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panic
if those are unsigned
On 25.01.2013 00:36:01, +0100, Rusty Russell <rusty@...tcorp.com.au> wrote:
Hi Rusty at al,
while we are at FIPS discussions, may I propose a slight fix because the
FIPS mode is not covering the FIPS 200 (a management system set of
requirements), but FIPS 140-2 covering implementation requirements for
cryptography.
Signed-off-by: Stephan Mueller <smueller@...onox.de>
--- Kconfig.orig 2013-01-25 13:42:54.649705380 +0100
+++ Kconfig 2013-01-25 13:43:16.737705712 +0100
@@ -22,11 +22,11 @@
comment "Crypto core or helper"
config CRYPTO_FIPS
- bool "FIPS 200 compliance"
+ bool "FIPS 140-2 compliance"
depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS
help
This options enables the fips boot option which is
- required if you want to system to operate in a FIPS 200
+ required if you want to system to operate in a FIPS 140-2
certification. You should say no unless you know what
this is.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists