Draft: redhat/configs: reenable FIPS to automotive at compile time (!3410) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Brian Masney requested to merge bmasney/centos-stream-9:reenable-fips-testing into main-automotive Nov 27, 2023

Upstream Status: RHEL Only JIRA:

FIPS was previously disabled at compile time for automotive to help with the overall boot speed. There's some commits from upstream that can be backported to allow compiling the FIPS signature selftests as a module. This allows us to reenable FIPS at compile time so that those tests are performed later during boot up so we can take advantage of the work that's done inside RHEL for FIPS if need be.

Current targets will boot with the following kernel parameters to disable FIPS at runtime without affecting the boot speed:

fips=0 cryptomgr.notests

If we get a platform that requires FIPS, then it can be enabled at runtime if need be.

Signed-off-by: Brian Masney bmasney@redhat.com

Draft: redhat/configs: reenable FIPS to automotive at compile time

Merge request reports