[PATCH][UNSTABLE] UBUNTU: SAUCE: Enable fips mode by default, in FIPS kernels only

Dimitri John Ledkov dimitri.ledkov at canonical.com
Thu Feb 1 13:19:35 UTC 2024


BugLink: https://bugs.launchpad.net/bugs/2049082

Ensure that kernels built with CONFIG_CRYPTO_FIPS=y default to fips
mode, such that testing FIPS kernels in FIPS mode requires no
additional bootloader configuration. This will ease testing,
deployment, downgrades/upgrades, and certification.

Tested by building an unstable kernel with a minimal FIPS configuration
enabled, and observing that the default boot goes into fips mode, as well
as when fips=1 is passed on the cmdline. Also verified that fips=0 turns
off fips mode correctly.

Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
---
 crypto/fips.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/fips.c b/crypto/fips.c
index 92fd506abb..f358524aa3 100644
--- a/crypto/fips.c
+++ b/crypto/fips.c
@@ -14,7 +14,8 @@
 #include <linux/notifier.h>
 #include <generated/utsrelease.h>
 
-int fips_enabled;
+/* LP: #2049082 UBUNTU: SAUCE: FIPS kernels default to FIPS mode */
+int fips_enabled = 1;
 EXPORT_SYMBOL_GPL(fips_enabled);
 
 ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
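Review bot: The initializer on `int fips_enabled = 1;` is unconditional in this hunk, so the "FIPS kernels only" restriction from the subject is not visible here and depends entirely on crypto/fips.c being compiled only when CONFIG_CRYPTO_FIPS=y. Please say so in the new comment, and also note there that fips=0 on the command line is now the way to opt out, since a reader of this file will otherwise assume the upstream default of off. It would also help for the commit message to confirm that nothing reads fips_enabled before the fips= parameter is handled, because with this change any such early reader would see 1 even on a boot with fips=0.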
-- 
2.34.1



