On Tuesday 30 September 2008 18:30:29 Will Woods wrote: > - Any features that will need close attention between now and Preview? This is not a Fedora Feature (yet) but it is something we are curious about...libgcrypt has been updated to support FIPS-140-2. The way that we've worked things to enable FIPS mode is to add a fips=1 to the grub kernel boot params. However, that is not scheduled to be in a kernel until 2.6.28 (we wished the Fedora 10 kernel were patched so deeper testing could be done). In the meantime, libgcrypt in rawhide/F-10 does have a way of forcing the FIPS mode: touch /etc/gcrypt/fips140.force This causes it to disable certain non-FIPS approved algorithms and enable startup and continuous cryptographic tests. Any problems in applications will be noted in syslog. We know that FIPS mode breaks gnutls and everything linked to it. We don't know what else is potentially broken. We need every application linked to libgcrypt to either work as advertised or output a reasonable error message saying why it doesn't work - iow it depends exclusively on algorthims or keysizes that are forbidden by FIPS. The docs for gcrypt have been updated and explains in a lot more detail how things work (also required for FIPS). So, that should help fix apps. This is not mandatory to be working at F-10 release since the kernel support is still way off in the future. (We'll probablys start a F-11 feature page for this soon.) I expect a fair amount of breakage and would like a head start on making things work. No one should see any ill effects when not in FIPS mode, which is the way we expect everyone to run today. Thanks, -Steve -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
