Re: [PATCH] MODSIGN: flag modules that use cryptoapi and only panicif those are unsigned

[Stephan Mueller]

On 25.01.2013 00:36:01, +0100, Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote:

Hi Rusty at al,

while we are at FIPS discussions, may I propose a slight fix because the
FIPS mode is not covering the FIPS 200 (a management system set of
requirements), but FIPS 140-2 covering implementation requirements for
cryptography.

Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx>

--- Kconfig.orig        2013-01-25 13:42:54.649705380 +0100
+++ Kconfig     2013-01-25 13:43:16.737705712 +0100
@@ -22,11 +22,11 @@
 comment "Crypto core or helper"

 config CRYPTO_FIPS
-       bool "FIPS 200 compliance"
+       bool "FIPS 140-2 compliance"
        depends on CRYPTO_ANSI_CPRNG && !CRYPTO_MANAGER_DISABLE_TESTS
        help
          This options enables the fips boot option which is
-         required if you want to system to operate in a FIPS 200
+         required if you want to system to operate in a FIPS 140-2
          certification.  You should say no unless you know what
          this is.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/