[PATCH] Documentation: crypto: add info about "fips=" boot option
From: Randy Dunlap
Date: Tue Mar 30 2021 - 00:01:01 EST
Having just seen a report of using "fips=1" on the kernel command line,
I could not find it documented anywhere, so add some help for it.
Signed-off-by: Randy Dunlap <rdunlap@xxxxxxxxxxxxx>
Cc: Dexuan Cui <decui@xxxxxxxxxxxxx>
Cc: linux-crypto@xxxxxxxxxxxxxxx
Cc: Eric Biggers <ebiggers@xxxxxxxxxx>
Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
Cc: Jonathan Corbet <corbet@xxxxxxx>
Cc: linux-doc@xxxxxxxxxxxxxxx
---
Updates/corrections welcome.
Documentation/admin-guide/kernel-parameters.txt | 15 ++++++++++++++
1 file changed, 15 insertions(+)
--- linux-next-20210329.orig/Documentation/admin-guide/kernel-parameters.txt
+++ linux-next-20210329/Documentation/admin-guide/kernel-parameters.txt
@@ -1370,6 +1370,21 @@
See Documentation/admin-guide/sysctl/net.rst for
fb_tunnels_only_for_init_ns
+ fips= Format: { 0 | 1}
+ Use to disable (0) or enable (1) FIPS mode.
+ If enabled, any process that is waiting on the
+ 'fips_fail_notif_chain' will be notified of fips
+ failures.
+ This setting can also be modified via sysctl at
+ /proc/sysctl/crypto/fips_enabled, i.e.,
+ crypto.fips_enabled.
+ If fips_enabled = 1, some crypto tests are skipped.
+ It can also effect which ECC curve is used.
+ If fips_enabled = 1 and a test fails, it will cause a
+ kernel panic.
+ If fips_enabled = 1, RSA test requires a key size of
+ 2K or larger.
+
floppy= [HW]
See Documentation/admin-guide/blockdev/floppy.rst.