Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> Hmm. So this thing makes me wonder:
>
> /* Not having a signature is only an error if we're strict. */
> if (err < 0 && fips_enabled)
> panic("Module verification failed with error %d in FIPS mode\n",
> err);
>
> do we really want to panic (even in fips_enabled mode)?
That's what the FIPS people want. As I understand it, if there's some
indication that the crypto stuff is compromised, the box should be shut down
immediately.
I've added Stephan Mueller to see if he can illuminate further.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
