Standa Laznicka wrote:
> On 03/14/2017 03:14 PM, Martin Basti wrote:
>> On 14.03.2017 14:56, Luc de Louw wrote:
>>> My 3 cents...
>>>
>>> "Please note that FIPS 140-2 support may not work on some platforms"
>>>
>>> -> Does it work in Fedora? Should be worth mentioning it so people are
>>> more encouraged to test it in Fedora before it's getting to RHEL 7.4
>>>
>>> Thanks,
>>>
>>> Luc
>> We cannot guarantee that FIPS mode will work with Fedora, any package
>> update may break it.
> Fedora itself is not capable of running in FIPS mode so there's no point
> adding it there.

I can't believe this is correct. Did you try it and it failed? Did you
file bugs?

The dracut-fips and dracut-fips-aesni packages are both available.

# cat /etc/redhat-release
Fedora release 25 (Twenty Five)
# sysctl crypto.fips_enabled
crypto.fips_enabled = 0

So the basic stuff is there and the kernel knows what FIPS is.

Any NSS-based application can enable FIPS-mode independently of the
kernel via modutil or application-specific settings (e.g. NSSFIPS in
mod_nss).

rob