In the draft User Guide for the FIPS Object Module 2.0, the official validated platforms are shown as Linux and Windows, 32- and 64-bit architectures, with or without assembler optimizations. The draft Security Policy mentions only Android 2.2 and HP-UX 11i in section 2: Tested Configurations, and mentions changes to accommodate cross-compilation for UCLinux.
QUESTION: The Security Policy for 1.2.2 specifically spells out the Linux and Windows validation platforms, but the draft 2.0 document does not. What does this imply about what platforms will be considered validated on the 2.0 module? The User's Guide also mentions success with the build on a number of other Unix platforms, and also uses 'Solaris 10' as an example of a platform appearing in section 5.5 in the statement of use of the Module. QUESTION: even though Solaris is not shown as a validated platform, can we, having implemented with (OpenSSL 1.0.1 and FIPS 2.0) safely make a statement similar to the sample in Section 5.5 on the non-validated platforms? That is, if we implement additionally on Solaris, HP, and Linux IA, for example, can we responsibly make the claim that we are using the validated Module on those platforms? Thanks for any advice. +-+-+-+-+-+-+ Dave McLellan, Symmetrix Software Engineering EMC Corporation, 176 South St, Hopkinton MA Mail Stop 176-B1 1/P-36 office 508-249-1257, fax 508-497-8027 cell 978-500-2546 +-+-+-+-+-+-+
