mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-12-07 02:11:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

sys-kernel: allow fips mode to be enabled

Browse Source 
With this kernel config, users can boot with fips=1 set in
`/usr/share/oem/grub.cfg`:
```
set linux_append="fips=1"
```

Which triggers various behaviors, for FIPS 200 certification.

with this config compiled in, and that boot parameter, users can can
that fips is enabled with:
```
flatcar ~ # cat /proc/sys/crypto/fips_enabled
1
```

Signed-off-by: Vincent Batts <vbatts@kinvolk.io>
This commit is contained in:
Vincent Batts 2020-08-27 22:12:26 -04:00
parent 8df0c7ae3d
commit 9eb0c12548
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-5.4 vendored
View File

@ -125,6 +125,7 @@ CONFIG_CPU_FREQ_STAT=y
CONFIG_CPU_FREQ=y
CONFIG_CPUSETS=y
# CONFIG_CROSS_MEMORY_ATTACH is not set
CONFIG_CRYPTO_FIPS=y
CONFIG_CRYPTO_CTS=m
CONFIG_CRYPTO_GCM=m
CONFIG_CRYPTO_HMAC=y