On 05/09/2025 00:14, Randy Dunlap wrote:
On 9/4/25 8:52 AM, Vegard Nossum wrote:
+``fips140.ko`` is not really an ordinary kernel module -- it is not
+meant to be loaded with ``modprobe`` or ``insmod``; instead, it is
+embedded into the ``vmlinux`` image at build time. This avoid any
+chicken-and-egg issues around how to verify cryptographic signatures
+without using unverified crypto code. ``fips140.ko`` is loaded during
+early boot -- before any crypto code is used by the kernel.
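
Review bot: "This avoid any" on the third line of this hunk should read "This avoids any". The paragraph also states that ``fips140.ko`` is embedded into ``vmlinux`` at build time and loaded during early boot without saying where either step happens; a short pointer to the build step and the early-boot load point would let a reader confirm that no crypto code runs before the module is in place.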

Hm, I was going to look at how that is done, but I cannot find any
downloadable fips140 source code. Is it available for free download
somewhere?

Is it GPL-v2 licensed?

Yes, it's the existing kernel crypto code but built as an
external/out-of-tree module.

+References
+==========
+
+.. [#fips140] <https://csrc.nist.gov/pubs/fips/140-3/final>
+.. [#static_call] <https://lwn.net/Articles/815908/>

Where are the other 103 patches?

Sorry, I guess git-send-email doesn't add everybody from individual
patches to the entire series. Here's the top of the thread with more of
an intro:

https://lore.kernel.org/all/20250904155216.460962-1-vegard.nos...@oracle.com/


Vegard
