mirror of
https://github.com/torvalds/linux.git
synced 2026-06-07 14:04:54 +02:00
109f31ac23
The FIPS lab is required to test the service indicators and version information services of the module, i.e. the fips140_is_approved_service() and fips140_module_version() functions. There are several ways we could support this: - Implement the tests in the module ourselves. However it's unclear that CMVP would allow this, and we would need the full list of tests, which could change over time depending on what the lab decides to do. - Support the lab writing, building, and loading a custom kernel module (or a custom kernel image) that tests these functions. - Provide a userspace interface to these services, restricted to builds with CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING=y. This would allow writing the tests in userspace, which would be much easier. Implement the last solution, since it's the easier of the two solutions that are "guaranteed" to be allowed. Make the module register a char device which supports some ioctls, one per function that needs to be tested. Also provide some sample userspace code in samples/crypto/. Note: copy_to_user() would break the integrity check, so take some care to exclude it. This is allowed since this is non-production code. Bug: 188620248 Change-Id: Ic256d9c5bd4d0c57ede88a3e3e76e89554909b38 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|---|---|---|
| .. | ||
| auxdisplay | ||
| binderfs | ||
| bpf | ||
| configfs | ||
| connector | ||
| crypto | ||
| ftrace | ||
| hidraw | ||
| hw_breakpoint | ||
| kdb | ||
| kfifo | ||
| kmemleak | ||
| kobject | ||
| kprobes | ||
| livepatch | ||
| mei | ||
| nitro_enclaves | ||
| pidfd | ||
| pktgen | ||
| qmi | ||
| rpmsg | ||
| seccomp | ||
| timers | ||
| trace_events | ||
| trace_printk | ||
| uhid | ||
| v4l | ||
| vfio-mdev | ||
| vfs | ||
| watch_queue | ||
| watchdog | ||
| Kconfig | ||
| Makefile | ||