Re: OpenSSL 3.0 FIPS module configuration file

2022-02-16 Thread Richard Dymond
On Tue, 15 Feb 2022 at 09:53, Tomas Mraz wrote:
> Please note that there are two checksums in the configuration file. One
> of them is the FIPS module checksum and the other is the checksum of
> the configuration. You can copy the file across machines if it is
> without the configuration checksum

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-15 Thread Tomas Mraz
Please note that there are two checksums in the configuration file. One of them is the FIPS module checksum and the other is the checksum of the configuration. You can copy the file across machines if it is without the configuration checksum - that means the selftest will be always run when the FIP

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Dr Paul Dale
There is nothing stopping cheating. If you are going to cheat, why bother with FIPS at all? Just claim you're FIPS.

Pauli

On 15/2/22 10:49, Ma Ar wrote:
> Maybe a dumb question too, considering that I am admittedly just getting into this field, but I thought maybe if I ask I might learn so

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Dr Paul Dale
Tom, thanks for looking this up. I believe that this particular piece of guidance was removed in 140-3.

Pauli

On 15/2/22 10:57, Thomas Dwyer III wrote:
> I believe the relevant standard is described in the Implementation Guidance for FIPS 140-2: https://csrc.nist.gov/csrc/media/projects/crypt

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Thomas Dwyer III
I believe the relevant standard is described in the Implementation Guidance for FIPS 140-2: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/fips140-2/fips1402ig.pdf (see IG 9.11 beginning on page 179). I searched briefly for similar text in FIPS 140-3 IG

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Ma Ar
Maybe a dumb question too, considering that I am admittedly just getting into this field, but I thought maybe if I ask I might learn something... is there any method of assurance that the tests were then run on the machine they are installed on? If whatever those tests are attesting to to certify

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Dr Paul Dale
Yes, this has to do with the FIPS standards.  I forget which standard it is but the self tests are mandated to be run on each device independently. The fipsinstall process runs the self tests before generating the configuration file.  If the self tests fail, the module doesn't install.  Copyin