crypto: api - Add fips_enable flag
Add the ability to turn FIPS-compliant mode on or off at boot In order to be FIPS compliant, several check may need to be preformed that may be construed as unusefull in a non-compliant mode. This patch allows us to set a kernel flag incating that we are running in a fips-compliant mode from boot up. It also exports that mode information to user space via a sysctl (/proc/sys/crypto/fips_enabled). Tested successfully by me. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Este cometimento está contido em:
Neil Horman
cometido por
Herbert Xu
Herbert Xu
ascendente
5be5e667a9
cometimento
ccb778e184
@@ -21,6 +21,14 @@ if CRYPTO
|
||||
|
||||
comment "Crypto core or helper"
|
||||
|
||||
config CRYPTO_FIPS
|
||||
bool "FIPS 200 compliance"
|
||||
help
|
||||
This options enables the fips boot option which is
|
||||
required if you want to system to operate in a FIPS 200
|
||||
certification. You should say no unless you know what
|
||||
this is.
|
||||
|
||||
config CRYPTO_ALGAPI
|
||||
tristate
|
||||
help
|
||||
|
||||
Criar uma nova questão referindo esta
Bloquear um utilizador