crypto: api - Add fips_enable flag
Add the ability to turn FIPS-compliant mode on or off at boot. In order to be FIPS compliant, several checks may need to be performed that may be construed as not useful in a non-compliant mode. This patch allows us to set a kernel flag indicating that we are running in a FIPS-compliant mode from boot up. It also exports that mode information to user space via a sysctl (/proc/sys/crypto/fips_enabled). Tested successfully by me. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
27
crypto/fips.c
Normal file
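--- a/crypto/fips.c
+++ b/crypto/fips.c
@@ -0,0 +1,27 @@
+/*
+* FIPS 200 support.
+*
+* Copyright (c) 2008 Neil Horman <nhorman@tuxdriver.com>
+*
+* This program is free software; you can redistribute it and/or modify it
+* under the terms of the GNU General Public License as published by the Free
+* Software Foundation; either version 2 of the License, or (at your option)
+* any later version.
+*
+*/
+
+#include "internal.h"
+
+int fips_enabled;
+EXPORT_SYMBOL_GPL(fips_enabled);
+
+/* Process kernel command-line parameter at boot time. fips=0 or fips=1 */
+static int fips_enable(char *str)
+{
+fips_enabled = !!simple_strtol(str, NULL, 0);
+printk(KERN_INFO "fips mode: %s\n",
+fips_enabled ? "enabled" : "disabled");
+return 1;
+}
+
+__setup("fips=", fips_enable);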
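Review bot: `fips_enable()` accepts any string, because `simple_strtol(str, NULL, 0)` is called with a NULL end pointer, so `fips=on`, `fips=yes` or a bare `fips=` all parse as 0 and leave FIPS mode off, with only a KERN_INFO line recording it. For a compliance switch that misconfiguration is easy to miss. Pass an end pointer and warn when nothing was consumed or trailing text remains: `char *end; long v = simple_strtol(str, &end, 0);` followed by `if (end == str || *end) printk(KERN_WARNING "fips: ignoring invalid value \"%s\"\n", str);`. Separately, `fips_enabled` is an exported, writable `int` with no comment on who may write it. If the flag is meant to be fixed at boot, as the description suggests, a comment such as `/* Set once from the fips= boot parameter; treat as read-only afterwards. */` above the definition would state that for the modules that can now reference it.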