Add Kconfig option `CRYPTO_FIPS140_EXTMOD` to enable standalone crypto module support that can override built-in cryptographic implementations.
Currently supports X86_64 and ARM64 architectures and requires CRYPTO and MODULES to be enabled. Signed-off-by: Jay Wang <[email protected]> --- crypto/Kconfig | 1 + crypto/fips140/Kconfig | 15 +++++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 crypto/fips140/Kconfig diff --git a/crypto/Kconfig b/crypto/Kconfig index e2b4106ac961..b4ce3c1cfa1b 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -1415,6 +1415,7 @@ endif endif source "drivers/crypto/Kconfig" +source "crypto/fips140/Kconfig" source "crypto/asymmetric_keys/Kconfig" source "certs/Kconfig" source "crypto/krb5/Kconfig" diff --git a/crypto/fips140/Kconfig b/crypto/fips140/Kconfig new file mode 100644 index 000000000000..0665e94b9fe0 --- /dev/null +++ b/crypto/fips140/Kconfig @@ -0,0 +1,15 @@ +config CRYPTO_FIPS140_EXTMOD + bool "FIPS 140 compliant algorithms as a kernel module" + depends on CRYPTO && (X86_64 || ARM64) && MODULES + select CRYPTO_FIPS + help + This option enables building a kernel module that contains + copies of crypto algorithms that are built in a way that + complies with the FIPS 140 standard. + + The module registers the algorithms it contains with the + kernel crypto API, and the kernel crypto API's FIPS 140 mode + can be enabled to restrict crypto algorithm usage to only + those provided by this module. + + If unsure, say N. -- 2.47.3
