ACK: [PATCH][UNSTABLE] UBUNTU: SAUCE: Enable fips mode by default, in FIPS kernels only
Andrei Gherzan
andrei.gherzan at canonical.com
Fri Feb 2 10:53:48 UTC 2024
On 24/02/01 01:19PM, Dimitri John Ledkov wrote:
> BugLink: https://bugs.launchpad.net/bugs/2049082
>
> Ensure that kernels built with CONFIG_CRYPTO_FIPS=y default to fips
> mode. Such that testing FIPS kernels in FIPS mode requires no
> additional bootloader configuration. This will ease testing,
> deployment, downgrades/upgrades, certification.
>
> Tested by building unstable kernel with a minimal FIPS configuration
> enabled, and observing that default boot goes into fips mode, as well
> as when fips=1 passed on the cmdline. Also verified that fips=0 turns
> off fips mode correctly.
>
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>#
> ---
> crypto/fips.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/crypto/fips.c b/crypto/fips.c
> index 92fd506abb..f358524aa3 100644
> --- a/crypto/fips.c
> +++ b/crypto/fips.c
> @@ -14,7 +14,8 @@
> #include <linux/notifier.h>
> #include <generated/utsrelease.h>
>
> -int fips_enabled;
> +/* LP: #2049082 UBUNTU: SAUCE: FIPS kernels default to FIPS mode */
> +int fips_enabled = 1;
> EXPORT_SYMBOL_GPL(fips_enabled);
>
> ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
Acked-by: Andrei Gherzan <andrei.gherzan at canonical.com>
--
Andrei Gherzan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240202/d47773f9/attachment.sig>
More information about the kernel-team
mailing list