Re: 6.17 crashes in ipv6 code when booted fips=1 [was: [GIT PULL] Crypto Update for 6.17]
From: Eric Biggers
Date: Mon Oct 06 2025 - 15:26:25 EST
On Mon, Oct 06, 2025 at 09:11:41PM +0200, Vegard Nossum wrote:
> The fact is that fips=1 is not useful if it doesn't actually result in
> something that complies with the standard; the only purpose of fips=1 is
> to allow the kernel to be used and certified as a FIPS module.
Don't all the distros doing this actually carry out-of-tree patches to
fix up some things required for certification that upstream has never
done? So that puts the upstream fips=1 support in an awkward place,
where it's always been an unfinished (and undocumented) feature.
- Eric