On Tue, Feb 24, 2026 at 05:55:17PM -0800, Eric Biggers wrote:
> Let's be clear: this is possible only when the kernel has a stable ABI
> to the crypto module, which realistically isn't something that is going
> to be supported upstream. The Linux kernel is well-known for not
> maintaining a stable in-kernel ABI, for good reasons.
>
> So, the only case where this feature would have a benefit over the
> kernel's existing approach to FIPS 140 is in downstream kernels that
> maintain a stable in-kernel ABI. There would be no benefit to direct
> users of the mainline kernel or even the stable release series.
>
> For this to be considered for upstream there would need to be some level
> of consensus in the community to support this feature despite this.

That's a very nice way to say this goes against all the established principles for kernel development.
