Draft: redhat/configs: reenable FIPS at compile time for automotive
Upstream Status: RHEL Only
JIRA: https://issues.redhat.com/browse/RHEL-17427
Depends: !3413 (closed)
FIPS was previously disabled at compile time for automotive to help with the overall boot speed. Now that FIPS_SIGNATURE_SELFTESTS can be compiled as a module, that lets us reenable FIPS at compile time so that those tests are performed later during boot up so we can take advantage of the work that's done inside RHEL for FIPS if need be.
Current targets will boot with the following kernel parameters to disable FIPS at runtime without affecting the boot speed:
fips=0 cryptomgr.notests
If we get a platform that requires FIPS, then it can be enabled at runtime if need be.
Signed-off-by: Brian Masney bmasney@redhat.com
Edited by Brian Masney