Thread (19 messages) 19 messages, 7 authors, 2025-10-08

Re: 6.17 crashes in ipv6 code when booted fips=1 [was: [GIT PULL] Crypto Update for 6.17]

From: Vegard Nossum <hidden>
Date: 2025-10-06 19:12:07
Also in: linux-crypto, lkml

On 06/10/2025 18:19, Linus Torvalds wrote:
I think the other way of writing that is "fips=1 is and will remain 
irrelevant in the real world as long as it's that black-and-white".
On 06/10/2025 19:11, Linus Torvalds wrote:
On Mon, 6 Oct 2025 at 09:32, Vegard Nossum [off-list ref] wrote:
quoted
Okay, so I get that we don't like fips=1 around here (I'm not a
particularly big fan myself), but what's with the snark? fips=1 exists
in mainline and obviously has users. I'm just trying to make sure it
remains useful and usable.
It literally caused non-bootable machines because of that allegedly
"remains useful and usable" because it changed something that never
failed to failing. That's how this thread started.

So that's why the snark. I think you are deluding yourself and others
if you call that "useful and usable".
Yes, thank you, I've already acknowledged that my patch caused boot
failures and I apologize for that unintentional breakage. Why does this
mean we should throw fips=1 in the bin, though? That's a total non sequitur.

The fact is that fips=1 is not useful if it doesn't actually result
something that complies with the standard; the only purpose of fips=1 is
to allow the kernel to be used and certified as a FIPS module. But as
SHA-1 is still allowed for now, please go ahead and revert my patch,
it's commit 9d50a25eeb05c.


Vegard
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help