Re: crypto: FIPS 200 mode

[Stephan Mueller]

Am Dienstag, dem 30.03.2021 um 15:26 -0700 schrieb Randy Dunlap:
> 
> The Kconfig help text for CRYPTO_FIPS says
> 
> config CRYPTO_FIPS
> bool "FIPS 200 compliance"
> ...
> help
>   This option enables the fips boot option which is
>   required if you want the system to operate in a FIPS 200
>   certification.  You should say no unless you know what
>   this is.
> 
> This seems confusing to me since it says "compliance" in one place and
> "certification" in another place. And AFAICT, those two words don't
> mean the same thing as far as NIST & FIPS are concerned.
> 
> 
> Should it say "compliance" in both places?  E.g.
> 
> help
>   This option enables the fips boot option which is
>   required if you want the system to operate in FIPS 200
>   compliance mode.  You should say no unless you know what
>   this is.

Sounds good to me.

Ciao
Stephan
> 
> 
> thanks.

crypto: FIPS 200 mode

[Randy Dunlap]

The Kconfig help text for CRYPTO_FIPS says

config CRYPTO_FIPS
bool "FIPS 200 compliance"
...
help
  This option enables the fips boot option which is
  required if you want the system to operate in a FIPS 200
  certification.  You should say no unless you know what
  this is.

This seems confusing to me since it says "compliance" in one place and
"certification" in another place. And AFAICT, those two words don't
mean the same thing as far as NIST & FIPS are concerned.


Should it say "compliance" in both places?  E.g.

help
  This option enables the fips boot option which is
  required if you want the system to operate in FIPS 200
  compliance mode.  You should say no unless you know what
  this is.


thanks.
-- 
~Randy