APPLIED: [PATCH][UNSTABLE] UBUNTU: SAUCE: Enable fips mode by default, in FIPS kernels only
Dimitri John Ledkov
dimitri.ledkov at canonical.com
Wed Feb 7 01:01:16 UTC 2024
On Thu, 1 Feb 2024 at 13:19, Dimitri John Ledkov
<dimitri.ledkov at canonical.com> wrote:
>
> BugLink: https://bugs.launchpad.net/bugs/2049082
>
> Ensure that kernels built with CONFIG_CRYPTO_FIPS=y default to fips
> mode, such that testing FIPS kernels in FIPS mode requires no
> additional bootloader configuration. This will ease testing,
> deployment, downgrades/upgrades, certification.
>
> Tested by building unstable kernel with a minimal FIPS configuration
> enabled, and observing that default boot goes into fips mode, as well
> as when fips=1 is passed on the cmdline. Also verified that fips=0 turns
> off fips mode correctly.
>
> Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
> ---
> crypto/fips.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/crypto/fips.c b/crypto/fips.c
> index 92fd506abb..f358524aa3 100644
> --- a/crypto/fips.c
> +++ b/crypto/fips.c
> @@ -14,7 +14,8 @@
> #include <linux/notifier.h>
> #include <generated/utsrelease.h>
>
> -int fips_enabled;
> +/* LP: #2049082 UBUNTU: SAUCE: FIPS kernels default to FIPS mode */
> +int fips_enabled = 1;
> EXPORT_SYMBOL_GPL(fips_enabled);
>
> ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
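Review bot: The new initializer `int fips_enabled = 1;` is unconditional in the source, so the "in FIPS kernels only" guarantee from the subject rests entirely on the build compiling crypto/fips.c only when CONFIG_CRYPTO_FIPS=y, and the one-line comment above it does not say that, nor that fips=0 is now the way to opt out. I would expand the comment to state both, since a reader who sees only this file cannot tell that the default is config-gated. It is also worth confirming that nothing reads fips_enabled before the command line is parsed, because with this change such a reader sees 1 even on a boot with fips=0, where it previously saw 0.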
> --
> 2.34.1
>
--
Dimitri
Sent from Ubuntu Pro
https://ubuntu.com/pro