Re: [PATCH] os: deprecate the -enable-fips option and QEMU's FIPS enforcement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 20/10/20 18:22, Daniel P. Berrangé wrote:
> @@ -153,6 +153,9 @@ int os_parse_cmd_args(int index, const char *optarg)
>          break;
>  #if defined(CONFIG_LINUX)
>      case QEMU_OPTION_enablefips:
> +        warn_report("-enable-fips is deprecated, please build QEMU with "
> +                    "the `libgcrypt` library as the cryptography provider "
> +                    "to enable FIPS compliance");
>          fips_set_state(true);
>          break;
>  #endif

Should you also remove fips_set_state(true) and make fips_get_state()
return the contents of /proc/sys/crypto/fips_enabled, so that VNC
password authentication is disabled?

Paolo
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux