The patch here, and one sent to bitbake-devel together enable basic support for a FIPS-140 host system.
What was identified were a few users of md5, which is not allowed for any security part of the system. It can still be used to identify changes and similar non-security activities. (OE already uses sha256 for file integrity.) In addition to this, it's possible that a recipe may attempt to use md5 during the build process. In oe-core, the only user is 'ovmf'. At this time I don't intend to provide a fix for ovmf, but everything else in core works properly now. Mark Hatle (1): insane.bbclass: Update insane.bbclass to work on FIPS enabled hosts meta/classes/insane.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#162521): https://lists.openembedded.org/g/openembedded-core/message/162521 Mute This Topic: https://lists.openembedded.org/mt/89466661/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
