Draft: redhat/configs: reenable FIPS at compile time for automotive (!3414) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Brian Masney requested to merge bmasney/centos-stream-9:auto-reenable-fips into main-automotive Nov 27, 2023

Upstream Status: RHEL Only

JIRA: https://issues.redhat.com/browse/RHEL-17427

FIPS was previously disabled at compile time for automotive to help with the overall boot speed. Now that FIPS_SIGNATURE_SELFTESTS can be compiled as a module, that lets us reenable FIPS at compile time so that those tests are performed later during boot up so we can take advantage of the work that's done inside RHEL for FIPS if need be.

Current targets will boot with the following kernel parameters to disable FIPS at runtime without affecting the boot speed:

fips=0 cryptomgr.notests

If we get a platform that requires FIPS, then it can be enabled at runtime if need be.

Signed-off-by: Brian Masney bmasney@redhat.com

Edited Nov 27, 2023 by Brian Masney

Draft: redhat/configs: reenable FIPS at compile time for automotive

Merge request reports