Re: crypto: FIPS 200 mode

From: Stephan Mueller
Date: Wed Mar 31 2021 - 03:52:15 EST

Next message: Wolfram Sang: "[PATCH RFT 0/2] i2c: tegra-bpmp: cleanups"
Previous message: Joel Stanley: "Re: [PATCH 3/3] ARM: dts: aspeed: add ASRock E3C246D4I BMC"
In reply to: Randy Dunlap: "crypto: FIPS 200 mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am Dienstag, dem 30.03.2021 um 15:26 -0700 schrieb Randy Dunlap:
>
> The Kconfig help text for CRYPTO_FIPS says
>
> config CRYPTO_FIPS
>         bool "FIPS 200 compliance"
> ...
>         help
>           This option enables the fips boot option which is
>           required if you want the system to operate in a FIPS 200
>           certification. You should say no unless you know what
>           this is.
>
> This seems confusing to me since it says "compliance" in one place and
> "certification" in another place. And AFAICT, those two words don't
> mean the same thing as far as NIST & FIPS are concerned.
>
>
> Should it say "compliance" in both places? E.g.
>
>         help
>           This option enables the fips boot option which is
>           required if you want the system to operate in FIPS 200
>           compliance mode. You should say no unless you know what
>           this is.

Sounds good to me.

Ciao
Stephan
>
>
> thanks.

Next message: Wolfram Sang: "[PATCH RFT 0/2] i2c: tegra-bpmp: cleanups"
Previous message: Joel Stanley: "Re: [PATCH 3/3] ARM: dts: aspeed: add ASRock E3C246D4I BMC"
In reply to: Randy Dunlap: "crypto: FIPS 200 mode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]