Re: Linux messages full of `random: get_random_u32 called from`

From: Pavel Machek
Date: Thu May 03 2018 - 02:19:32 EST

Next message: Jeffy Chen: "[PATCH] pinctrl: rockchip: Disable interrupt when changing it's capability"
Previous message: Ms. Ella Golan: "RESPONSE"
In reply to: Theodore Y. Ts'o: "Re: Linux messages full of `random: get_random_u32 called from`"
Next in thread: Justin Forbes: "Re: Linux messages full of `random: get_random_u32 called from`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed 2018-05-02 18:25:22, Theodore Y. Ts'o wrote:
> On Wed, May 02, 2018 at 10:49:34AM -0700, Laura Abbott wrote:
> >
> > It is a Fedora patch we're carrying
> > https://src.fedoraproject.org/rpms/libgcrypt/blob/master/f/libgcrypt-1.6.2-fips-ctor.patch#_23
> > so yes, it is a Fedora specific use case.
> > From talking to the libgcrypt team, this is a FIPS mode requirement
> > to run power on self test at the library constructor and the self
> > test of libgrcypt ends up requiring a fully seeded RNG. Citation
> > is in section 9.10 of
> > https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Module-Validation-Program/documents/fips140-2/FIPS1402IG.pdf
>
> Forgive me if this is a stupid question, but does Fedora need FIPS
> compliance? Or is this something which is only required for RHEL?

If RHEL needs it, Fedora needs it, too -- as Fedora is a beta test for
RHEL.

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Attachment: signature.asc
Description: Digital signature

Next message: Jeffy Chen: "[PATCH] pinctrl: rockchip: Disable interrupt when changing it's capability"
Previous message: Ms. Ella Golan: "RESPONSE"
In reply to: Theodore Y. Ts'o: "Re: Linux messages full of `random: get_random_u32 called from`"
Next in thread: Justin Forbes: "Re: Linux messages full of `random: get_random_u32 called from`"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]