crypto: api - Add fips_enable flag Add the ability to turn FIPS-compliant mode on or off at boot In order to be FIPS compliant, several check may need to be preformed that may be construed as unusefull in a non-compliant mode. This patch allows us to set a kernel flag incating that we are running in a fips-compliant mode from boot up. It also exports that mode information to user space via a sysctl (/proc/sys/crypto/fips_enabled). Tested successfully by me. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

commit: ccb778e1841ce04b4c10b39f0dd2558ab2c6dcd4 [log] [tgz]
author: Neil Horman <nhorman@tuxdriver.com> Tue Aug 05 14:13:08 2008 +0800
committer: Herbert Xu <herbert@gondor.apana.org.au> Fri Aug 29 15:50:02 2008 +1000
tree: d15c704e38e731391fdb8bf8db1922aff893acd7
parent: 5be5e667a9a5d8d5553e009e67bc692d95e5916a [diff] [blame]
diff --git a/crypto/Kconfig b/crypto/Kconfig
index 776f90d..a784c2d 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig

@@ -21,6 +21,14 @@
 
 comment "Crypto core or helper"
 
+config CRYPTO_FIPS
+	bool "FIPS 200 compliance"
+	help
+	  This options enables the fips boot option which is
+	  required if you want to system to operate in a FIPS 200
+	  certification.  You should say no unless you know what
+	  this is.
+
 config CRYPTO_ALGAPI
 	tristate
 	help
commit	ccb778e1841ce04b4c10b39f0dd2558ab2c6dcd4	[log] [tgz]
author	Neil Horman <nhorman@tuxdriver.com>	Tue Aug 05 14:13:08 2008 +0800
committer	Herbert Xu <herbert@gondor.apana.org.au>	Fri Aug 29 15:50:02 2008 +1000
tree	d15c704e38e731391fdb8bf8db1922aff893acd7
parent	5be5e667a9a5d8d5553e009e67bc692d95e5916a [diff] [blame]