sys-kernel: allow fips mode to be enabled

With this kernel config, users can boot with fips=1 set in `/usr/share/oem/grub.cfg`: ``` set linux_append="fips=1" ``` Which triggers various behaviors, for FIPS 200 certification. with this config compiled in, and that boot parameter, users can can that fips is enabled with: ``` flatcar ~ # cat /proc/sys/crypto/fips_enabled 1 ```
2025-08-17 01:46:58 +02:00 · 2022-01-31 14:58:06 +01:00 · 2022-01-31 14:58:06 +01:00 · 38a01288e1
commit 38a01288e1
parent 19a486c58d
2 changed files with 2 additions and 0 deletions
--- a/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-01-31-enable-fips-kernel.md
+++ b/sdk_container/src/third_party/coreos-overlay/changelog/changes/2022-01-31-enable-fips-kernel.md
@ -0,0 +1 @@
+- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([PR#1602](https://github.com/flatcar-linux/coreos-overlay/pull/1602))
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.15
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.15
@ -126,6 +126,7 @@ CONFIG_CPU_FREQ_GOV_USERSPACE=m
 CONFIG_CPU_FREQ_STAT=y
 # CONFIG_CROSS_MEMORY_ATTACH is not set
 CONFIG_CRYPTO_CTS=m
+CONFIG_CRYPTO_FIPS=y
 CONFIG_CRYPTO_GCM=m
 CONFIG_CRYPTO_HMAC=y
 CONFIG_CRYPTO_LZO=m
				`@ -0,0 +1 @@`
				- Enabled the FIPS support for the Linux kernel, which users can now choose through a kernel parameter in `grub.cfg` (check it taking effect with `cat /proc/sys/crypto/fips_enabled`) ([PR#1602](https://github.com/flatcar-linux/coreos-overlay/pull/1602))