From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2930#note_1766488578
lgtm, approved.
--
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2757#note_1613420754
reviewed, lgtm, approving. thanks, Herbert @herbert.xu2!
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2757#note_1613416986
hi, Herbert, thank you for the patchset. i'm looking at "changes that were
made after the kernel-ark revert". especially, at
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2738#note_1595895037
lgtm re: crypto
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2691#note_1544178460
super, thanks, @ptalbert
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2691#note_1542600905
shouldn't `CONFIG_CRYPTO_AES_ARM64=y` be merged from `redhat/configs/fedora/`
and `redhat/configs/rhel` into `redhat/configs/common`? lgtm otherwise.
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2652#note_1532329363
lgtm for crypto and security.
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2599#note_1467451177
lgtm, thanks, @coxu
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2487#note_1401765780
ack for crypto bits
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov
redhat/configs: Fix incorrect configs location and content
These are fixes identified by the Red Hat config files verification
tool: https://gitlab.com/cki-project/kernel-webhooks/-/issues/387
This commit fixes the following problems. Two ':' separators in a row
in
From: Vladis Dronov
redhat/configs: CONFIG_CRYPTO_SM3_AVX_X86_64 is x86 only
Move the CONFIG_CRYPTO_SM3_AVX_X86_64 config file into
rhel/generic/x86/, the same way it is done for Fedora.
Signed-off-by: Vladis Dronov
diff --git a/redhat/configs/rhel/generic/CONFIG_CRYPTO_SM3_AVX_X86_64
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2348#note_1302053828
@ptalbert I guess, this is a question to @msalter, if the invention was to
enable HP_ILO in C9S/RHEL only or in Fedora also. I couldn't derive this from
the initial config file
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2348#note_1300124171
hi, @msalter, Could you please have a look at this mr?
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2347#note_1299404567
thanks!
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org
From: Vladis Dronov
redhat/configs: CONFIG_HP_ILO location fix
Move the CONFIG_HP_ILO config file into a proper location.
Signed-off-by: Vladis Dronov
diff --git a/redhat/configs/generic/aarch64/CONFIG_HP_ILO
b/redhat/configs/common/generic/arm/aarch64/CONFIG_HP_ILO
rename from
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2347#note_1299289224
if we're doing this in `common/generic/`, don't we need to kill
'fedora/generic/' ones?
```
fedora/generic/x86/CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64:#
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2225#note_1226412092
agreed with Ondrej, the path in a second chunk is not correct. it should be:
redhat/configs/fedora/generic/CONFIG_CRYPTO_CURVE25519 ->
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2109#note_1140343446
thanks a ton, Prarit @prarit, Herton @hertonrk-rh!
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email
From: Vladis Dronov
Adjust FIPS module name in RHEL
This is the third part of a change adding FIPS module name to ARK and
a follow-up for these ARK commits:
5a44749f65b2 crypto: fips - make proc files report fips module name and version
4221aaa7fa3b Add new FIPS module name and version configs
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2041#note_1124246614
"Commits: 3189". this MR may want to be rebased.
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2021#note_1105910987
thanks! resolving the thread.
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2021#note_1104569628
```
* 7596953a - redhat/configs: Enable Marvell OcteonTX2 crypto device
* 70f8bf7a - crypto: fips - make RHEL proc files report fips module name and
version
```
are still there,
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2021#note_1104341733
hi, @prarit, can you please, also drop "crypto: fips - make RHEL proc files
report fips module name and version"? this a CentOS-only patch, should not be
present in ARK.
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2021#note_1104340597
hi, @prarit, can you please, drop "redhat/configs: Enable Marvell OcteonTX2
crypto device"?
these changes are in ARK already per: https://gitlab.com/cki-project/kernel-
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1909#note_1041101414
thanks a ton, @prarit!
_[yesss, yesss, a long-awaited ACK, my my preciou]_
___
kernel mailing list -- kernel@lists.fedoraproject.org
From: Vladis Dronov
Add new FIPS module name and version configs
Recently merged upstream 5a44749f65b2 ("crypto: fips - make proc files
report fips module name and version") adds a couple of configs which
defaults need to be set explicitly.
Signed-off-by: Vladis Dronov
diff --git
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1808#note_1024100829
hi, Patrick @ptalbert, could you consider this for merging, if there are no
objections from a team?
___
kernel mailing list --
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1905#note_1022423300
thanks, Ondrej @omos, Justin @jmflinuxtx!
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1905#note_1022401268
@dhorak1 upstream's 9c846c5d2d4e is in herbert/cryptodev-2.6.git as of now but
it will be merged to linux.git eventually.
___
kernel
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1905#note_1022398822
thanks, Justin @jmflinuxtx. i've just updated the MR's commit to enable QAT
for all the supported arches on Fedora. ELN part stays the same - x86 only, as
Intel has not tested other
From: Vladis Dronov
redhat/configs: Enable QAT devices for arches other than x86
Upstream 9c846c5d2d4e ("crypto: qat - Removes the x86 dependency on
the QAT drivers") removed the x86 dependency for the QAT drivers.
Enable QAT for the x86 only in CentOS Stream. Enable QAT for all the
supported
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1905#note_1022131094
my concern was that a number of crypto devices are disabled both in RHEL/CS
and Fedora, so I've followed the same approach. if for example CCREE device is
disabled, I'm not sure what
From: Vladis Dronov
redhat/configs: Support QAT devices for x86 only
Upstream 9c846c5d2d4e ("crypto: qat - Removes the x86 dependency on
the QAT drivers") removed the x86 dependency for the QAT drivers.
Still support QAT for the x86 only as the only arch thoroughly tested.
Signed-off-by:
From: Vladis Dronov
[redhat] Split CONFIG_FIPS_SIGNATURE_SELFTEST config
Enable CONFIG_FIPS_SIGNATURE_SELFTEST in ELN following
CentOS Stream change as in:
https://bugzilla.redhat.com/show_bug.cgi?id=2080044
From: Vladis Dronov
[redhat] Move CONFIG_FIPS_SIGNATURE_SELFTEST to a proper place
And unify its Fedora and ELN versions.
Signed-off-by: Vladis Dronov
diff --git a/redhat/configs/ark/generic/CONFIG_FIPS_SIGNATURE_SELFTEST
b/redhat/configs/common/generic/CONFIG_FIPS_SIGNATURE_SELFTEST
rename
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1883#note_1005720085
this mr is a counterpart of c9s one:
https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_req
uests/755/diffs?commit_id=fce1c48a029d3db1f53410a1754e28b1444f5fd7
From: Vladis Dronov
Enable Marvell OcteonTX2 crypto device in ARK
Enable CRYPTO_DEV_OCTEONTX2_CPT, HW_RANDOM_CN10K and build them as
modules in ARK. Enable NET_VENDOR_MARVELL and OCTEONTX2_MBOX in ARK
too as these are requirements. Explicitly disable in ARK unsupported
Marvell network drivers
From: Vladis Dronov
Enable Marvell OcteonTX2 crypto device in ARK
Enable CRYPTO_DEV_OCTEONTX2_CPT, HW_RANDOM_CN10K and build them as
modules in ARK. Enable NET_VENDOR_MARVELL and OCTEONTX2_MBOX in ARK
too as these are requirements. Explicitly disable in ARK unsupported
Marvell network drivers
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1883#note_996728161
for posterity: this mr's c9s counterpart:
https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_req
From: Vladis Dronov
Move CRYPTO_DEV_OCTEONTX2_CPT to a proper place
To match its location in C9S config tree.
Signed-off-by: Vladis Dronov
diff --git
a/redhat/configs/fedora/generic/arm/aarch64/CONFIG_CRYPTO_DEV_OCTEONTX2_CPT
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1879#note_992098282
Recording the build and Bugzillas mentioned in a description for posterity:
a build: https://brewweb.engineering.redhat.com/brew/taskinfo?taskID=45948522
bz1:
From: Vladis Dronov
Brush up crypto ECDH and ECDSA configs
Apply the same change as for C9S, so these configs are
consistent after a later branching. Fedora already has
CRYPTO_ECDSA=y so just add complimentary CRYPTO_ECDH=y.
Signed-off-by: Vladis Dronov
diff --git
From: Vladis Dronov
Brush up crypto SHA512 and USER configs
Apply the same change as for C9S, so these configs are
consistent after a later branching. Make them =y in ARK
(and drop duplicate zfcpdump entries) the same way as in
C9S, but leave them =m in Fedora.
Signed-off-by: Vladis Dronov
From: Vladis Dronov
Drop outdated CRYPTO_ECDH configs
There is no reason why CRYPTO_ECDH is disabled in aarch64
and s390x. These defaults were previously mass-imported
from RHEL7 and RHEL-ALT.
Signed-off-by: Vladis Dronov
diff --git a/redhat/configs/ark/generic/arm/aarch64/CONFIG_CRYPTO_ECDH
From: Vladis Dronov on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1879
```
Several CentOS 9 Stream Bugzillas have updated certain crypto configs.
Forwart-port the same change to ARK, so these configs are consistent
after a later branching.
An ARK build
From: Vladis Dronov
Remove duplicates from ark/generic/s390x/zfcpdump/
Remove configs from ark/generic/s390x/zfcpdump/ which are
identical to the same configs in ark/generic/s390x/,
ark/generic/, common/generic/s390x and common/generic/.
Signed-off-by: Vladis Dronov
diff --git
From: Vladis Dronov
Move common/debug/s390x/zfcpdump/ configs to ark/debug/s390x/zfcpdump/
As Justin mentions, Fedora does not build zfcpdump flavor. common/ is for
things which are identical between Fedora and RHEL/ARK. The ark/ directory
is for things that are only set that way in RHEL/ARK.
From: Vladis Dronov on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1855
Brush up s390x/zfcpdump/ configs. See an exact description of actions
in commit messages related. Resulting generated config files are
identical before and after this patchset.
From: Vladis Dronov
Move common/generic/s390x/zfcpdump/ configs to ark/generic/s390x/zfcpdump/
As Justin mentions, Fedora does not build zfcpdump flavor. common/ is for
things which are identical between Fedora and RHEL/ARK. The ark/ directory
is for things that are only set that way in
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1834#note_971084041
thanks, Justin. after reviewing configs re: this MR, i've found out that
s390x/zfcpdump is sort of a mess indeed. i plan to suggest a separate
(smaller) MR soon to brush up
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1834#note_966360128
3. indeed, the "ark is a fine location, as Fedora does not build those
configs" point makes sense, thank you. i guess, this means we should leave the
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1834#note_966348895
2) ok, i was wrong here, we do not need
`common/generic/s390x/zfcpdump/CONFIG_CRYPTO_CHACHA_S390` indeed, since we
already have `common/generic/s390x/CONFIG_CRYPTO_CHACHA_S390`. please
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1834#note_964446147
thanks, Justin @jmflinuxtx for a detailed explanation! 1) got it, thanks, i
see the pipeline is green now. 2) thanks, it would be awesome. 3) indeed, the
"ark is a fine location, as
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1834#note_963563679
my apologies, i beg to differ:
1) !1832's failed pipeline (https://gitlab.com/redhat/red-hat-ci-
tools/kernel/cki-public-pipelines/-/pipelines/550256134) states:
```
00:10:20 Found
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1834#note_963517305
hi, Justin @jmflinuxtx ! thanks for this MR! i was waiting for the
349d03ffd5f6 to get to ARK to submit config changes and you were first. the MR
is mostly fine, but i would add a
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1760#note_923057901
thanks, @omos, @dledford, @jmflinuxtx, most appreciated!
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an
From: Vladis Dronov
Move CONFIG_HW_RANDOM_CN10K to a proper place
And make it build as a module.
Signed-off-by: Vladis Dronov
diff --git a/redhat/configs/common/generic/CONFIG_HW_RANDOM_CN10K
b/redhat/configs/common/generic/CONFIG_HW_RANDOM_CN10K
deleted file mode 100644
index
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1583#note_816445879
i would guess it is for "join".
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1552#note_813638135
agreed. thanks @jmflinuxtx for the upstream patch!
for posterity: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1552#note_808632460
on a second thought. if commit 6048fdcc5f269 makes a number of items non-
configurable, i guess it makes it for a reason. this way, should not we remove
these items from
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1528#note_796293940
i've started the [build pipeline](https://gitlab.com/cki-project/kernel-
ark/-/pipelines/437633569), let's wait for it to finish successfully:
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1528#note_796291978
lgtm, thanks, approved.
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1528#note_795099872
thanks, Neal!
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1528#note_795099643
`redhat/configs/common/generic/CONFIG_ZRAM_DEF_COMP_ZSTD` should be `#
CONFIG_ZRAM_DEF_COMP_ZSTD is not set`, not `=n`. just move `fedora/` version
of this file to `common/`.
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1528#note_795099573
`redhat/configs/common/generic/CONFIG_ZRAM_DEF_COMP_ZSTD` should be `#
CONFIG_ZRAM_DEF_COMP_ZSTD is not set`, not `=n`. just move `fedora/` version
of this file to `common/`.
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1528#note_795078091
i would suggest brushing this up a bit more in a form of the 2nd patch: move
all `redhat/configs/fedora/generic/CONFIG_ZRAM_DEF_*` to
`redhat/configs/common/generic/` (with overwrites)
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1528#note_795076107
this patch should not only provide `common/generic/CONFIG_CRYPTO_ZSTD` but
also remove `ark/generic/CONFIG_CRYPTO_ZSTD`. otherwise the latter overrides
the former. could you please
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1431#note_706277921
LGTM
i do not have the "approve" button in a web-interface so i cannot approve
using it.
___
kernel mailing list --
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1371#note_682038498
looks good for me, but i do not have the "approve" button here on this page.
Acked-by: Vladis Dronov
___
kernel mailing list --
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1375#note_672292721
indeed, so probably this MR should be made against the C9S tree and not the
ARK one...?
___
kernel mailing list --
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1287#note_639691728
done, thank you.
could you please have a look and possibly provide an ACK?
___
kernel mailing list -- kernel@lists.fedoraproject.org
To
From: Vladis Dronov
[redhat] Enable CONFIG_RANDOM_TRUST_CPU for all the arches
Many modern cloud instance types have hardware with RDRAND, but the RHEL-9
still do not use it. Enable CONFIG_RANDOM_TRUST_CPU the same way as in the
RHEL-8 and Fedora and add ARM too.
Bugzilla:
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1287#note_639684681
will do in a minute, thank you for the reply.
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov
[redhat] Enable CONFIG_RANDOM_TRUST_CPU for all arches but aarch64
Many modern cloud instance types have hardware with RDRAND, but the RHEL-9
still do not use it. Enable CONFIG_RANDOM_TRUST_CPU the same way as in the
RHEL-8 and Fedora.
Bugzilla:
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1189#note_615017439
thanks, @ptalbert, most appreciated!
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1189#note_614227693
thanks, Herbert! i believe this can be merged now with 2 acks.
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1189#note_614221998
thanks, Justin!
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1189#note_614147864
hello, @ptalbert, @jmflinuxtx, @simo5, @herbert.xu2, could you please have a
look at this MR and probably merge it?
We need this, i'm inclined to say - asap, as this blocks some
From: Vladis Dronov
Revert "Merge branch 'ec_fips' into 'os-build'"
We need to revert the merge request !1150 and make CONFIG_CRYPTO_ECDH
and CONFIG_CRYPTO_ECDSA back to =m. Current =y setting prevents a kernel
booting in FIPS mode. This blocks some processes, see bz1915290#c23. This
is an
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1150#note_582009698
Acked-by: Vladis Dronov
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1125#note_581976622
just a follow up for posterity - a brew build with this patchset
boots in a FIPS mode, i.e. the main issue is fixed:
From: Vladis Dronov
Revert s390x/zfcpdump part of a9d179c40281 and ecbfddd98621
Signed-off-by: Vladis Dronov
diff a/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_CHACHA20
b/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_CHACHA20
--- /dev/null
+++
From: Vladis Dronov
Embed crypto algos, modes and templates needed in the FIPS mode
Currently a number of FIPS-allowed algorithms are built as modules or are
not enabled in Fedora and ARK. This can result in a panic while booting
in the FIPS mode. Fix this by embedding the FIPS-allowed
From: Vladis Dronov on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1125
```
Currently a number of FIPS-allowed algorithms are built as modules or
are
not enabled in Fedora and ARK. This can result in a panic while booting
in the FIPS mode. Fix this by
From: Vladis Dronov
Embed crypto algos, modes and templates needed in the FIPS mode
Currently a number of FIPS-allowed algorithms are built as modules or are
not enabled in Fedora and ARK. This can result in a panic while booting
in the FIPS mode. Fix this by embedding the FIPS-allowed
From: Vladis Dronov
Revert s390x/zfcpdump part of a9d179c40281 and ecbfddd98621
Signed-off-by: Vladis Dronov
diff a/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_CHACHA20
b/redhat/configs/ark/generic/s390x/zfcpdump/CONFIG_CRYPTO_CHACHA20
--- /dev/null
+++
From: Vladis Dronov on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1125
```
Currently a number of FIPS-allowed algorithms are built as modules or
are
not enabled in Fedora and ARK. This can result in a panic while booting
in the FIPS mode. Fix this by
From: Vladis Dronov
[redhat] Add CONFIG_SYSTEM_REVOCATION_KEYS and _LIST
Add CONFIG_SYSTEM_REVOCATION_KEYS and CONFIG_SYSTEM_REVOCATION_LIST options.
Make them disabled since there are no revoked certificates embedded.
Link:
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1125#note_575093466
as for the compression algorithms, yes, you are right.
i'll remove them from a v2 patch.
___
kernel mailing list --
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1125#note_572572639
thank you for the reply, Simo, let me address your points in order.
we need CTS and OFB because a kernel do not boot in FIPS otherwise:
From: Vladis Dronov
[redhat] Embed crypto algos, modes and templates needed in the FIPS mode
Currently a number of FIPS-allowed algorithms are built as modules or are
not enabled in Fedora and ARK. This can result in a panic while booting
in the FIPS mode. Fix this by embedding the FIPS-allowed
From: Vladis Dronov
[redhat] Enable CONFIG_CRYPTO_CFB=y so cfb(aes) is available in FIPS mode
Currently the CFB algo is built as a module in Fedora and is not build in
ARK. This results in a panic while booting in a FIPS mode:
[3.347092] alg: skcipher: failed to allocate transform for
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1027#note_551685662
a proof that the configs are not in a proper location, taking `kernel-
core-5.11.0-2.el9` build with this configs:
```
$ grep NET_VENDOR_SMSC */config
5.11.0-2.el9.aarch64/config:#
From: Vladis Dronov
[redhat] Move ARM SMC configs to a proper location
ARM SMC configs in generic/aarch64/ are not in a proper location.
Move them to a proper one, namely, ark/generic/arm/aarch64/.
Signed-off-by: Vladis Dronov
diff a/redhat/configs/generic/aarch64/CONFIG_EPIC100
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/954#note_535541985
Thanks, @omos, Unfortunately, it looks like there is a permission issue
in this ARK repo.
___
kernel mailing list --
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/951#note_535540959
interesting. my another teammate also do not have an approve button,
while he can approve in the redhat/rhel/src/kernel/rhel-8 repo. this
means, this most likely is a permission issue.
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/954#note_535443648
Thanks, @omos, Unfortunately, it looks like just commenting with "Acked-
by:" does not work, this MR still has "0 Reviewers". Obvious, but were
you logged in gitlab?
From: Vladis Dronov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/951#note_535442678
Don, Ondrej, thanks for looking into this. Unfortunately, it looks like
just commenting with "Acked-by:" does not work, this MR still has "0
Reviewers". Obvious, but were you logged in
From: Vladis Dronov
[redhat] Enable PERCPU_STATS and CRYPTO_DEV_CCP_DEBUGFS in the debug flavor
The same way in was done in the rhbz#1744633 and rhbz#bz1765717.
Signed-off-by: Vladis Dronov
diff a/redhat/configs/common/debug/CONFIG_CRYPTO_DEV_CCP_DEBUGFS
From: Vladis Dronov
[redhat] Enable CONFIG_PERCPU_STATS in the debug flavor
The same way in was done in the rhbz#1744633.
Signed-off-by: Vladis Dronov
diff a/redhat/configs/common/debug/CONFIG_PERCPU_STATS
b/redhat/configs/common/debug/CONFIG_PERCPU_STATS
--- /dev/null
+++
1 - 100 of 105 matches
Mail list logo
