Fedora QA Meeting for this week - moved!
Steve Grubb
sgrubb at redhat.com
Wed Oct 1 12:53:58 UTC 2008
On Tuesday 30 September 2008 18:30:29 Will Woods wrote:
> - Any features that will need close attention between now and Preview?
This is not a Fedora Feature (yet) but it is something we are curious
about...libgcrypt has been updated to support FIPS-140-2. The way that we've
worked things to enable FIPS mode is to add a fips=1 to the grub kernel boot
params. However, that is not scheduled to be in a kernel until 2.6.28 (we
wished the Fedora 10 kernel were patched so deeper testing could be done). In
the meantime, libgcrypt in rawhide/F-10 does have a way of forcing the FIPS
mode:
touch /etc/gcrypt/fips140.force
This causes it to disable certain non-FIPS approved algorithms and enable
startup and continuous cryptographic tests. Any problems in applications will
be noted in syslog. We know that FIPS mode breaks gnutls and everything
linked to it. We don't know what else is potentially broken.
We need every application linked to libgcrypt to either work as advertised or
output a reasonable error message saying why it doesn't work - iow it depends
exclusively on algorithms or keysizes that are forbidden by FIPS. The docs
for gcrypt have been updated and explain in a lot more detail how things
work (also required for FIPS). So, that should help fix apps.
This is not mandatory to be working at F-10 release since the kernel support
is still way off in the future. (We'll probably start an F-11 feature page
for this soon.) I expect a fair amount of breakage and would like a head
start on making things work. No one should see any ill effects when not in
FIPS mode, which is the way we expect everyone to run today.
Thanks,
-Steve
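
For testers who want to know which installed programs are in scope before forcing FIPS mode as described in the message above, here is an added example; it is not part of the original post and not libgcrypt's own tooling. The function names, the optional root prefix, and the use of binutils `readelf` are assumptions; it treats a direct dependency on libgcrypt or on libgnutls (which the message says breaks in FIPS mode) as in scope.

```shell
#!/bin/sh
# Added example: find programs in scope for libgcrypt FIPS-mode testing.

# fips_forced [ROOT]: true if the force file from the message exists.
# ROOT is an optional prefix (assumption) for checking a chroot or image.
fips_forced() {
    [ -e "${1:-}/etc/gcrypt/fips140.force" ]
}

# kernel_fips_requested [FILE]: true if fips=1 is a kernel boot parameter.
kernel_fips_requested() {
    tr ' ' '\n' < "${1:-/proc/cmdline}" | grep -qx 'fips=1'
}

# gcrypt_dep: read `readelf -d` output on stdin and print libgcrypt and/or
# libgnutls when listed as a direct DT_NEEDED dependency.
gcrypt_dep() {
    awk '/\(NEEDED\)/ && match($0, /\[lib(gcrypt|gnutls)\.so/) {
             print substr($0, RSTART + 1, RLENGTH - 4) }' | sort -u
}

# scan_dirs DIR...: print "path<TAB>libs" for each executable in scope.
# readelf only parses the file; ldd is avoided because it can run code
# from the binary being inspected.
scan_dirs() {
    for dir in "$@"; do
        find "$dir" -type f -perm -u+x 2>/dev/null | while IFS= read -r f; do
            deps=$(readelf -d "$f" 2>/dev/null | gcrypt_dep | tr '\n' ' ')
            if [ -n "$deps" ]; then printf '%s\t%s\n' "$f" "$deps"; fi
        done
    done
}

# With directory arguments, report the mode switches and list the programs.
if [ "$#" -gt 0 ]; then
    if fips_forced; then echo "force file: present"; else echo "force file: absent"; fi
    if kernel_fips_requested; then echo "kernel fips=1: yes"; else echo "kernel fips=1: no"; fi
    scan_dirs "$@"
fi
```

Only direct dependencies are reported, so a program that reaches libgcrypt through some other library than libgnutls will not appear in the list.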