Override drivers/char/random RNGs with the FIPS RNG - Required for FIPS certification
Hello experts,
3 years back, RHEL FIPS certification effort ran into an show-stopper with
/dev/urandom and getrandom(2) not being FIPS-compliant. They came up with a patch to override random with FIPS RNG in FIPS mode.
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1304
May I request some additional information about this.
(a) Is this patch applicable to only RHEL or are other flavors also require this to secure FIPS certification successfully?
Regardless of above query, I just tried to patch this on vanilla 5.10.209 kernel (kernel.org), but I found context mismatch. Lines surrounding the new changes donot match with the current state of the file (example, drivers/char/random.c). New/different APIs are used in file_operations structure function pointer initialization (just an example).
(b) Is there any patch available for kernel 5.10.209? If the answer is NO, is it safe to patch manually in 5.10.209 kernel (assuming the issue is common across all linux flavors)?
(c) Can we achieve this through available linux configuration (5.10.209)?
Thanking you in advance. Apologies, if I missed any required formatting.
Sanjib
Categories
- All Categories
- 177 LFX Mentorship
- 177 LFX Mentorship: Linux Kernel
- 766 Linux Foundation IT Professional Programs
- 378 Cloud Engineer IT Professional Program
- 174 Advanced Cloud Engineer IT Professional Program
- 75 DevOps IT Professional Program - Discontinued
- 7 DevOps & GitOps IT Professional Program
- 101 Cloud Native Developer IT Professional Program
- 7.6K Training Courses & Learning Paths
- 4 AI & ML Training
- 1 Blockchain & Decentralized Identity Training
- 10 Cloud & Containers Training
- 1 Cybersecurity Training
- 2 DevOps & Site-Reliability Training
- 1 Linux Kernel Development Training
- 1 Networking Training
- 2 Open Source Best Practice Training
- 2 System Administration Training
- 1 System Engineering Training
- 1 Web & Application Development Training
- 796 Hardware
- 202 Drivers
- 68 I/O Devices
- 37 Monitors
- 95 Multimedia
- 173 Networking
- 91 Printers & Scanners
- 91 Storage
- 770 Linux Distributions
- 81 Debian
- 68 Fedora
- 23 Linux Mint
- 13 Mageia
- 24 openSUSE
- 150 Red Hat Enterprise
- 31 Slackware
- 13 SUSE Enterprise
- 356 Ubuntu
- 465 Linux System Administration
- 31 Cloud Computing
- 73 Command Line/Scripting
- Github systems admin projects
- 98 Linux Security
- 78 Network Management
- 101 System Management
- 46 Web Management
- 116 Mobile Computing
- 20 Android
- 81 Development
- 1.2K New to Linux
- 1K Getting Started with Linux
- 395 Off Topic
- 121 Introductions
- 30 Study Material
- 997 Programming and Development
- 310 Kernel Development
- 669 Software Development
- 1K Software
- 397 Applications
- 182 Command Line
- 5 Compiling/Installing
- 69 Games
- 318 Installation
- Archived
- 183 Small Talk
- 2 LFD140 Class Forum
- 1.4K LFS258 Class Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)