Please can we add these two patches below to F17 kernel, so there is possible at least basic FIPS mode testing? +++ This bug was initially created as a clone of Bug #830898 +++ Created attachment 590970 [details] kernel patch for aesni fips test Description of problem: There are no crypto tests for fips mode in crypto/testmgr.c for the aesni drivers, so they are 'failing' fips testing. ... --- Additional comment from mbroz on 2012-07-11 03:35:53 EDT --- Patch in crypto dev tree upstream http://git.kernel.org/?p=linux/kernel/git/herbert/cryptodev-2.6.git;a=commitdiff;h=6c79294f44fd7d1122cbaabff3b9815b074c0dd0 For debug kernel we need also this one http://git.kernel.org/?p=linux/kernel/git/herbert/cryptodev-2.6.git;a=commitdiff;h=bf084d8f6eb4ded3f90a6ab79bb682db00ebfbd4
(In reply to comment #0) > Please can we add these two patches below to F17 kernel, so there is possible > at least basic FIPS mode testing? Probably. If we add them, it would be across all branches though. > --- Additional comment from mbroz on 2012-07-11 03:35:53 EDT --- > > Patch in crypto dev tree upstream > http://git.kernel.org/?p=linux/kernel/git/herbert/cryptodev-2.6.git; > a=commitdiff;h=6c79294f44fd7d1122cbaabff3b9815b074c0dd0 > For debug kernel we need also this one > http://git.kernel.org/?p=linux/kernel/git/herbert/cryptodev-2.6.git; > a=commitdiff;h=bf084d8f6eb4ded3f90a6ab79bb682db00ebfbd4 I'm guessing these are both queued for 3.6? They seem like it could be sent to Linus for 3.5 still. Do you know if that is the plan?
This is applied for F16, F17, and Rawhide and should make the next builds of each.
kernel-3.4.5-2.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/kernel-3.4.5-2.fc17
kernel-3.4.5-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/kernel-3.4.5-1.fc16
the f16 is giving me: [paul@bofh ~]$ sudo rpm -hiv kernel-3.4.5-1.fc16.x86_64.rpm Preparing... ########################################### [100%] 1:kernel ########################################### [100%] grubby fatal error: unable to find a suitable template grubby fatal error: unable to find a suitable template grubby: doing this would leave no kernel entries. Not writing out new config. However, I did get a new entry in /boot/grub/menu.lst title Fedora (3.4.5-1.fc16.x86_64) root (hd0,0) kernel /vmlinuz-3.4.5-1.fc16.x86_64 ro root=UUID=697aee55-b0bc-4824-be3a-14e9ebea85b2 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYTABLE=us rhgb quiet initrd /initramfs-3.4.5-1.fc16.x86_64.img I think these are grub vs grub2 messages and harmless. I will have to reboot the machine I'm typing on to verify fips mode works. On f17 thinkpad with AESNI, 2.4.5-2 works in fips mode! f17 VM also works fine.
Confirmed f16 works with fips mode. left karma
Package kernel-3.4.5-1.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing kernel-3.4.5-1.fc16' as soon as you are able to, then reboot. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-10764/kernel-3.4.5-1.fc16 then log in and leave karma (feedback).
kernel-3.4.5-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.4.6-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/kernel-3.4.6-1.fc16
kernel-3.4.6-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.