From: Vladis Dronov on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1125 ``` Currently a number of FIPS-allowed algorithms are built as modules or are not enabled in Fedora and ARK. This can result in a panic while booting in the FIPS mode. Fix this by embedding the FIPS-allowed algorithms, modes and templates into a kernel, the same way as CTC, CBC and other algorithms already do. The below is a detailed description of a current state and changes suggested in this patchset in a readable form: $ git grep CRYPTO_SHA3 common/generic/CONFIG_CRYPTO_SHA3:CONFIG_CRYPTO_SHA3=m ### should be =y $ git grep CRYPTO_RSA fedora/generic/CONFIG_CRYPTO_RSA:CONFIG_CRYPTO_RSA=y ### unify, set =y $ git grep CRYPTO_NULL fedora/generic/CONFIG_CRYPTO_NULL:CONFIG_CRYPTO_NULL=y ### should be common $ git grep -e 'CRYPTO_\(ECB\|CBC\|CTR\|XTS\|GCM\|CCM\|AUTH\|HMAC\|CMAC\|OFB\|CTS\)' ark/generic/CONFIG_CRYPTO_XTS:CONFIG_CRYPTO_XTS=m ### unify, set to =y fedora/generic/CONFIG_CRYPTO_XTS:CONFIG_CRYPTO_XTS=y ### unify, set to =y common/generic/CONFIG_CRYPTO_CCM:CONFIG_CRYPTO_CCM=m ### set to =y common/generic/CONFIG_CRYPTO_AUTHENC:CONFIG_CRYPTO_AUTHENC=m ### set to =y common/generic/CONFIG_CRYPTO_CMAC:CONFIG_CRYPTO_CMAC=m ### set to =y common/generic/CONFIG_CRYPTO_OFB:CONFIG_CRYPTO_OFB=m ### set to =y Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1947240 Signed-off-by: Vladis Dronov <vdronov@xxxxxxxxxx> ``` _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
