ACK: [PATCH][UNSTABLE] UBUNTU: SAUCE: Enable fips mode by default, in FIPS kernels only

Tim Gardner tim.gardner at canonical.com
Tue Feb 6 16:33:01 UTC 2024


On 2/1/24 6:19 AM, Dimitri John Ledkov wrote:
> BugLink: https://bugs.launchpad.net/bugs/2049082
> 
> Ensure that kernels built with CONFIG_CRYPTO_FIPS=y default to fips
> mode, such that testing FIPS kernels in FIPS mode requires no
> additional bootloader configuration. This will ease testing,
> deployment, downgrades/upgrades, certification.
> 
> Tested by building unstable kernel with a minimal FIPS configuration
> enabled, and observing that default boot goes into fips mode, as well
> as when fips=1 is passed on the cmdline. Also verified that fips=0 turns
> off fips mode correctly.
> 
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
> ---
>   crypto/fips.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/crypto/fips.c b/crypto/fips.c
> index 92fd506abb..f358524aa3 100644
> --- a/crypto/fips.c
> +++ b/crypto/fips.c
> @@ -14,7 +14,8 @@
>   #include <linux/notifier.h>
>   #include <generated/utsrelease.h>
>   
> -int fips_enabled;
> +/* LP: #2049082 UBUNTU: SAUCE: FIPS kernels default to FIPS mode */
> +int fips_enabled = 1;
>   EXPORT_SYMBOL_GPL(fips_enabled);
>   
>   ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
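
Review bot: The new initializer `int fips_enabled = 1;` makes FIPS mode the state from the start of boot, so any code that reads `fips_enabled` before the `fips=` command-line option has been parsed will see 1 even on a boot with `fips=0`. The hunk does not show the parameter handler, so it is worth confirming that nothing consults the flag that early, or stating the ordering in the commit message. The added comment would also help a later reader of crypto/fips.c more if it recorded the opt-out that the commit message says was tested, for example `/* LP: #2049082 UBUNTU: SAUCE: FIPS kernels default to FIPS mode; boot with fips=0 to disable */`.
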
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc



