Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:

> Also, why does any of this have to be in the kernel at all?

The kernel has had random(4) since Ted invented it sometime in the 90s. There's no question it's a good idea; that's why all the BSDs & some others have copied it. The only questions here are whether it could be made FIPS compliant & whether it should be.

> If FIPS requires a deterministic random number generator
> that will not allow entropy to be acquired from hardware
> or external inputs,

It doesn't require that at all; in fact their DRNG design requires an external source of random bits. However, it requires that the source be certified & that would be a problem for us. Intel & others might be able to get their random number instructions certified and vendors of crypto or SOC chips might get theirs certified, but the kernel community could not do that. I think the kernel's entropy collection routines are good enough that they could, in principle, be certified, but that would involve some work & considerable money.

> why does the
> kernel care at all? Just write a fips_random.so library and get it
> certified and have any userspace code that cares about such a crazy
> thing to use that instead.

That does not solve the problem. The library would also need a certified source of random inputs, so to get it certified you'd have to get something else certified first -- random(4), an instruction or a hardware rng.