Re: [PATCH] crypto: af_alg - Document the deprecation of AF_ALG
From: Jeff Barnes
Date: Mon May 04 2026 - 13:44:34 EST
On May 4 2026, at 10:39 am, Jon Kohler <jon@xxxxxxxxxxx> wrote:
>
> Quick passing observation
> I noticed that when attempting to completely disable these Crypto APIs,
> I was experiencing boot failures with fips=1 enabled systems.
>
> Using 6.18-based kernel with an el9-based user space, I see the
> following hang in the early boot console from dracut-pre-pivot:
> Check integrity of kernel
> libkcapi - Error: AF_ALG: socket syscall failed (errno: -97)
> Allocation of hmac(sha512) cipher failed (-97)
One thing that would for certain cause this panic is the sha512hmac
binary that does the fips integrity check. On many distros this check is
called, for example by dracut among others, during initramfs to check
the integrity of the kernel before any crypto is used. On failure, the
kernel won't finish boot.
sha512hmac is a binary shipped with kcapitools. It uses libkcapi.
sha512hmac -> libkcapi -> AF_ALG.
Is there a planned replacement for this integrity check? I don't know of
anybody doing this for FIPS yet, but is there a case where IMA / EVM
could be a workaround?
Regards,
Jeff
>
> I haven't looked at every elX version, but at least in el9 and el10,
> they use libkcapi-hmaccalc to provide sha512hmac, which dracut [1]
> uses to calculate the HMAC value in do_fips().
>
> Digging further, I was only able to disable RNG and AEAD APIs, but
> not HASH and SKCIPHER APIs when FIPS was in the picture with el9++.
>
> I'm not sure how other distros do the same, but this could be problematic
> elsewhere if other distros went down the libkcapi route.
>
> [1] https://github.com/dracutdevs/dracut/blob/059/modules.d/01fips/fips.sh#L167
>
>
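As an added example (not code from this thread, dracut or libkcapi), the sha512hmac -> libkcapi -> AF_ALG path written by hand, returning -errno so the -97 in the report (EAFNOSUPPORT, the AF_ALG family itself absent) can be told apart from a bind() failure (ENOENT, the hash API or hmac(sha512) not available); the config option names in the hint strings are my reading of what each errno implies.

```c
/* Minimal AF_ALG hmac(sha512) probe. Returns 0 and fills out[64], else -errno. */
#include <errno.h>
#include <linux/if_alg.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SOL_ALG
#define SOL_ALG 279
#endif

int af_alg_hmac_sha512(const unsigned char *key, size_t keylen,
                       const unsigned char *msg, size_t msglen,
                       unsigned char out[64])
{
    struct sockaddr_alg sa;
    memset(&sa, 0, sizeof(sa));
    sa.salg_family = AF_ALG;
    strcpy((char *)sa.salg_type, "hash");
    strcpy((char *)sa.salg_name, "hmac(sha512)");

    int tfm = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (tfm < 0)
        return -errno;             /* -97 here: AF_ALG socket family is gone */
    int rc = 0;
    if (bind(tfm, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        setsockopt(tfm, SOL_ALG, ALG_SET_KEY, key, keylen) < 0) {
        rc = -errno;               /* -ENOENT: hash API / hmac(sha512) missing */
        goto out_tfm;
    }
    int op = accept(tfm, NULL, NULL);
    if (op < 0) { rc = -errno; goto out_tfm; }
    ssize_t n;
    if (send(op, msg, msglen, 0) < 0)          /* no MSG_MORE: finalize */
        rc = -errno;
    else if ((n = read(op, out, 64)) < 0)      /* read back the digest */
        rc = -errno;
    else if (n != 64)
        rc = -EIO;
    close(op);
out_tfm:
    close(tfm);
    return rc;
}

/* Map the errno libkcapi would print to the likely kernel-side cause. */
const char *af_alg_error_hint(int rc)
{
    switch (-rc) {
    case 0:            return "ok";
    case EAFNOSUPPORT: return "AF_ALG family unavailable: CONFIG_CRYPTO_USER_API off";
    case ENOENT:       return "hmac(sha512) not offered: CONFIG_CRYPTO_USER_API_HASH off?";
    default:           return "other failure (e.g. seccomp/sandbox)";
    }
}
```

On a fips=1 initramfs this is the call that must succeed before do_fips() can compare the HMAC; a nonzero return is the point at which boot stops.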