[fips-9-compliant] Rebase Custom changes to 5.14.0-570.39.1.el9_6 #547

PlaidCat · 2025-09-03T20:47:05Z

Update process (This kernel CentOS base for `5.14.0-570`)

Kernel History Rebuild Process for all src.rpms hosted by RESF
Create fips-9-compliant/5.14.0-570.X.1.el8_10 branch
Check if any maintained code is included in the new el release.
Cherry-pick all code from previous branch into new branch (skipping unneeded code)
- Fix conflicts as they arise
Build and Test

FIPS checks

[rolling release update] Number of commits to check:  98
[rolling release update] Checking modifications of shas
[rolling release update] Checked 9 of 98 commits
[rolling release update] Checked 18 of 98 commits
[rolling release update] Checked 27 of 98 commits
[rolling release update] Checked 36 of 98 commits
[rolling release update] Checked 45 of 98 commits
[rolling release update] Checked 54 of 98 commits
[rolling release update] Checked 63 of 98 commits
[rolling release update] Checked 72 of 98 commits
[rolling release update] Checked 81 of 98 commits
[rolling release update] Checked 90 of 98 commits
[rolling release update] 0 of 98 commits have FIPS protected changes
[rolling release update] Checking out old rolling branch:  fips-9-compliant/5.14.0-570.33.2.el9_6

Removed Commits

NONE

Forward Port Process

[jmaple@devbox code]$ cat RR.resf_kernel-5.14.0-570.39.1.el9_6.log
[rolling release update] Rolling Product:  fips-9-compliant
[rolling release update] Checking out branch:  fips-9-compliant/5.14.0-570.33.2.el9_6
[rolling release update] Gathering all the RESF kernel Tags
b'ee328fded72f (tag: resf_kernel-5.14.0-570.33.2.el9_6, origin/rocky9_6_rebuild) Rebuild rocky9_6 with kernel-5.14.0-570.33.2.el9_6'
b'0564e55498d2 (tag: resf_kernel-5.14.0-570.32.1.el9_6) Rebuild rocky9_6 with kernel-5.14.0-570.32.1.el9_6'

[SNIP]

b'18c0812a6563 (tag: resf_kernel-5.14.0-570.12.1.el9_6) Rebuild rocky9_6 with kernel-5.14.0-570.12.1.el9_6'
[rolling release update] Old Rolling Branch Tags:  [b'ee328fded72f', b'0564e55498d2', b'e0a1a84bc26b', b'9fbeb8c24bbd', b'8cc6f289778f', b'cad0cbcb03be', b'4743a27158ca', b'08b6475feb07', b'667004a38548', b'9477e3364951', b'b94108159618', b'e8b954c95fef', b'838cd1e8d046', b'171ceb527773', b'18c0812a6563']
[rolling release update] Checking out branch:  rocky9_6
[rolling release update] Gathering all the RESF kernel Tags
b'1b9ea68b26cf (HEAD -> rocky9_6, tag: resf_kernel-5.14.0-570.39.1.el9_6, origin/rocky9_6) Rebuild rocky9_6 with kernel-5.14.0-570.39.1.el9_6'
b'6ad42715f2bf (tag: resf_kernel-5.14.0-570.37.1.el9_6) Rebuild rocky9_6 with kernel-5.14.0-570.37.1.el9_6'
b'ee328fded72f (tag: resf_kernel-5.14.0-570.33.2.el9_6, origin/rocky9_6_rebuild) Rebuild rocky9_6 with kernel-5.14.0-570.33.2.el9_6'
b'0564e55498d2 (tag: resf_kernel-5.14.0-570.32.1.el9_6) Rebuild rocky9_6 with kernel-5.14.0-570.32.1.el9_6'

[SNIP]

b'18c0812a6563 (tag: resf_kernel-5.14.0-570.12.1.el9_6) Rebuild rocky9_6 with kernel-5.14.0-570.12.1.el9_6'
[rolling release update] New Base Branch Tags:  [b'1b9ea68b26cf', b'6ad42715f2bf', b'ee328fded72f', b'0564e55498d2', b'e0a1a84bc26b', b'9fbeb8c24bbd', b'8cc6f289778f', b'cad0cbcb03be', b'4743a27158ca', b'08b6475feb07', b'667004a38548', b'9477e3364951', b'b94108159618', b'e8b954c95fef', b'838cd1e8d046', b'171ceb527773', b'18c0812a6563']
[rolling release update] Latest RESF tag sha:  b'ee328fded72f'
"ee328fded72f91fe45b0ba5d4fdba1c1100836bd Rebuild rocky9_6 with kernel-5.14.0-570.33.2.el9_6"
[rolling release update] Checking for FIPS protected changes between the common tag and HEAD
[rolling release update] Checking for FIPS protected changes
[rolling release update] Getting SHAS ee328fded72f..HEAD
[rolling release update] Number of commits to check:  98
[rolling release update] Checking modifications of shas
[rolling release update] Checked 9 of 98 commits
[rolling release update] Checked 18 of 98 commits
[rolling release update] Checked 27 of 98 commits
[rolling release update] Checked 36 of 98 commits
[rolling release update] Checked 45 of 98 commits
[rolling release update] Checked 54 of 98 commits
[rolling release update] Checked 63 of 98 commits
[rolling release update] Checked 72 of 98 commits
[rolling release update] Checked 81 of 98 commits
[rolling release update] Checked 90 of 98 commits
[rolling release update] 0 of 98 commits have FIPS protected changes
[rolling release update] Checking out old rolling branch:  fips-9-compliant/5.14.0-570.33.2.el9_6
[rolling release update] Finding the CIQ Kernel and Associated Upstream commits between the last resf tag and HEAD
[rolling release update] Last RESF tag sha:  b'ee328fded72f'
[rolling release update] Total Commit in old branch:  14
{ "CIQ COMMMIT" : "UPSTREAM COMMMIT" }
Printing first 5 and last 5 commits
{
  "bdb664994bfe0a497f297f35182689cf711c5589": "",
  "7d1d965b12e0895d53855d8065ac7184239b92e3": "",
  "fd8a0deb716f6f4dde224de4a6e1caa08cef801d": "",
  "e10a72fc0af3726dbf2fe31b1e4eb4613fe1249a": "",
  "973846f32083cd205aeb378e87f38cba637043a5": ""
}
{
  "1f05f5b4ebe26f1f28e4e644c37345981732c0a4": "",
  "bb288775c3758f17fc4e5195359f972d95ebe3bb": "",
  "415253cebbd8920d09a39ebc593e7b7c4d4c293d": "",
  "6ba8dbffb26010722f49ba94cc0a863c5bfaa86c": "",
  "96540fc648b205dc56e535b644f985b4644bd010": ""
}
[rolling release update] Checking out new base branch:  rocky9_6
[rolling release update] Finding the kernel version for the new rolling release
b'1b9ea68b26cf (HEAD -> rocky9_6, tag: resf_kernel-5.14.0-570.39.1.el9_6, origin/rocky9_6) Rebuild rocky9_6 with kernel-5.14.0-570.39.1.el9_6'
<re.Match object; span=(0, 70), match=b'1b9ea68b26cf (HEAD -> rocky9_6, tag: resf_kernel>
[rolling release update} New Branch to create  fips-9-compliant/5.14.0-570.39.1.el9_6
[rolling release update] Check if branch Exists:  fips-9-compliant/5.14.0-570.39.1.el9_6
Branch fips-9-compliant/5.14.0-570.39.1.el9_6 does not exists creating
[rolling release update] Creating new branch for PR:  jmaple_fips-9-compliant/5.14.0-570.39.1.el9_6
[rolling release update] Creating Map of all new commits from last rolling release fork
[rolling release update] Total Commit in new branch:  97
{ "CIQ COMMMIT" : "UPSTREAM COMMMIT" }
Printing first 5 and last 5 commits
{
  "1b9ea68b26cff8acb6b0c3ca118cb6ca6fe35d6e": "",
  "b506bb2ae5a7747d0583a03c12b541c3087182e2": "a90b2a1aaacbcf0f91d7e4868ad6c51c5dee814b",
  "98a03cb9f60c101d32607c975f8c64816c416fb1": "774a1fa880bc949d88b5ddec9494a13be733dfa8",
  "bcf5608887ba7391c34b301bcb7fbd18b869b988": "4b1815a52d7eb03b3e0e6742c6728bc16a4b2d1d",
  "0411a65a95236395fd2e521ef057434f1fb422f7": "47c397844869ad0e6738afb5879c7492f4691122"
}
{
  "bb412eb7c28d820a9e08bf94980b65941469573c": "3382a1ed7f778db841063f5d7e317ac55f9e7f72",
  "2872192d6b96a826b8ea689fd1f84327acb9c5b1": "1013af4f585fccc4d3e5c5824d174de2257f7d6d",
  "d88ac2850df63564ca7abdd2f5acb880ecda8f10": "claimed to fix an issue introduced in 5.13, but it should actually",
  "f1889bb6ed27e9e6bd4d7f76228f15478b826423": "ee40c9920ac286c5bfe7c811e66ff899266d2582",
  "d49f2e6e34f29fa9686ba2d4b73eabc73c97a91b": "1d6123102e9fbedc8d25bf4731da6d513173e49e"
}
[rolling release update] Checking if any of the commits from the old rolling release are already present in the new base branch
[rolling release update] Removing commits from the new branch
[rolling release update] Applying the remaining commits to the new branch
Applying commit  "96540fc648b205dc56e535b644f985b4644bd010 crypto: jitter - replace LFSR with SHA3-256"
Applying commit  "6ba8dbffb26010722f49ba94cc0a863c5bfaa86c crypto: aead,cipher - zeroize key buffer after use"
Applying commit  "415253cebbd8920d09a39ebc593e7b7c4d4c293d SUSE: patch: crypto-ecdh-implement-FIPS-PCT.patch"
Applying commit  "bb288775c3758f17fc4e5195359f972d95ebe3bb crypto: ecdh - explicitly zeroize private_key"
Applying commit  "1f05f5b4ebe26f1f28e4e644c37345981732c0a4 crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init"
Applying commit  "36bfee765708758904ee6446c2c048c13d72a1e3 In essiv_aead_setkey(), use the same logic as crypto_authenc_esn_setkey() to zeroize keys on exit. converting ws"
Applying commit  "3ff48ae74b6895d4a7deeb1ea4e82eeaefc38b3d crypto: drbg - Align buffers to at least a cache line"
Applying commit  "037fdb57f957e926636a8788f8a3cbf1c2521382 mm/gup: introduce pin_user_pages_fast_only()"
Applying commit  "8d0c2f2f3dbb1b465e6de56709501a2db2fc7014 crypto: rng - Convert crypto_default_rng_refcnt into an unsigned int"
Applying commit  "973846f32083cd205aeb378e87f38cba637043a5 crypto: rng - Fix priority inversions due to mutex locks"
Applying commit  "e10a72fc0af3726dbf2fe31b1e4eb4613fe1249a crypto: rng - Implement fast per-CPU DRBG instances"
Applying commit  "fd8a0deb716f6f4dde224de4a6e1caa08cef801d Revert: crypto: DRBG - switch to HMAC SHA512 DRBG as default DRBG"
Applying commit  "7d1d965b12e0895d53855d8065ac7184239b92e3 configs: Ensure FIPS settings defined"
Applying commit  "bdb664994bfe0a497f297f35182689cf711c5589 Revert "Revert: crypto: DRBG - switch to HMAC SHA512 DRBG as default DRBG""

BUILD

[jmaple@devbox code]$ egrep -B 5 -A 5 "\[TIMER\]|^Starting Build" $(ls -t kbuild* | head -n1)
/mnt/code/kernel-src-tree-build
Running make mrproper...
[TIMER]{MRPROPER}: 6s
x86_64 architecture detected, copying config
'configs/kernel-x86_64-rhel.config' -> '.config'
Setting Local Version for build
CONFIG_LOCALVERSION="-jmaple_fips-9-compliant_5.14.0-570.39.1.el9_6-9a7e417"
Making olddefconfig
--
  HOSTCC  scripts/kconfig/util.o
  HOSTLD  scripts/kconfig/conf
#
# configuration written to .config
#
Starting Build
  SYSHDR  arch/x86/include/generated/uapi/asm/unistd_32.h
  SYSHDR  arch/x86/include/generated/uapi/asm/unistd_64.h
  SYSHDR  arch/x86/include/generated/uapi/asm/unistd_x32.h
  SYSTBL  arch/x86/include/generated/asm/syscalls_32.h
  SYSHDR  arch/x86/include/generated/asm/unistd_32_ia32.h
--
  BTF [M] sound/usb/usx2y/snd-usb-usx2y.ko
  LD [M]  sound/xen/snd_xen_front.ko
  BTF [M] sound/x86/snd-hdmi-lpe-audio.ko
  BTF [M] sound/xen/snd_xen_front.ko
  BTF [M] sound/virtio/virtio_snd.ko
[TIMER]{BUILD}: 1806s
Making Modules
  INSTALL /lib/modules/5.14.0-jmaple_fips-9-compliant_5.14.0-570.39.1.el9_6-9a7e417+/kernel/arch/x86/crypto/blake2s-x86_64.ko
  INSTALL /lib/modules/5.14.0-jmaple_fips-9-compliant_5.14.0-570.39.1.el9_6-9a7e417+/kernel/arch/x86/crypto/blowfish-x86_64.ko
  INSTALL /lib/modules/5.14.0-jmaple_fips-9-compliant_5.14.0-570.39.1.el9_6-9a7e417+/kernel/arch/x86/crypto/camellia-aesni-avx-x86_64.ko
  INSTALL /lib/modules/5.14.0-jmaple_fips-9-compliant_5.14.0-570.39.1.el9_6-9a7e417+/kernel/arch/x86/crypto/camellia-aesni-avx2.ko
--
  INSTALL /lib/modules/5.14.0-jmaple_fips-9-compliant_5.14.0-570.39.1.el9_6-9a7e417+/kernel/sound/xen/snd_xen_front.ko
  SIGN    /lib/modules/5.14.0-jmaple_fips-9-compliant_5.14.0-570.39.1.el9_6-9a7e417+/kernel/sound/x86/snd-hdmi-lpe-audio.ko
  STRIP   /lib/modules/5.14.0-jmaple_fips-9-compliant_5.14.0-570.39.1.el9_6-9a7e417+/kernel/sound/xen/snd_xen_front.ko
  SIGN    /lib/modules/5.14.0-jmaple_fips-9-compliant_5.14.0-570.39.1.el9_6-9a7e417+/kernel/sound/xen/snd_xen_front.ko
  DEPMOD  /lib/modules/5.14.0-jmaple_fips-9-compliant_5.14.0-570.39.1.el9_6-9a7e417+
[TIMER]{MODULES}: 8s
Making Install
sh ./arch/x86/boot/install.sh 5.14.0-jmaple_fips-9-compliant_5.14.0-570.39.1.el9_6-9a7e417+ \
        arch/x86/boot/bzImage System.map "/boot"
[TIMER]{INSTALL}: 23s
Checking kABI
kABI check passed
Setting Default Kernel to /boot/vmlinuz-5.14.0-jmaple_fips-9-compliant_5.14.0-570.39.1.el9_6-9a7e417+ and Index to 0
Hopefully Grub2.0 took everything ... rebooting after time metrices
[TIMER]{MRPROPER}: 6s
[TIMER]{BUILD}: 1806s
[TIMER]{MODULES}: 8s
[TIMER]{INSTALL}: 23s
[TIMER]{TOTAL} 1848s
Rebooting in 10 seconds

KSelfTest

[jmaple@devbox code]$ ls -rt kselftest.* | tail -n4 | while read line; do echo $line; grep '^ok ' $line | wc -l ; done
kselftest.5.14.0-jmaple_fips-9-compliant_5.14.0-570.2-51923823e828+.log
317
kselftest.5.14.0-jmaple_fips-9-compliant_5.14.0-570.30.1.el9_6-4dd913b+.v2.log
317
kselftest.5.14.0-jmaple_fips-9-compliant_5.14.0-570.33.2.el9_6-7d1d965+.log
317
kselftest.5.14.0-jmaple_fips-9-compliant_5.14.0-570.39.1.el9_6-9a7e417+.log
318

Using the kernel crypto API, the SHA3-256 algorithm is used as conditioning element to replace the LFSR in the Jitter RNG. All other parts of the Jitter RNG are unchanged. The application and use of the SHA-3 conditioning operation is identical to the user space Jitter RNG 3.4.0 by applying the following concept: - the Jitter RNG initializes a SHA-3 state which acts as the "entropy pool" when the Jitter RNG is allocated. - When a new time delta is obtained, it is inserted into the "entropy pool" with a SHA-3 update operation. Note, this operation in most of the cases is a simple memcpy() onto the SHA-3 stack. - To cause a true SHA-3 operation for each time delta operation, a second SHA-3 operation is performed hashing Jitter RNG status information. The final message digest is also inserted into the "entropy pool" with a SHA-3 update operation. Yet, this data is not considered to provide any entropy, but it shall stir the entropy pool. - To generate a random number, a SHA-3 final operation is performed to calculate a message digest followed by an immediate SHA-3 init to re-initialize the "entropy pool". The obtained message digest is one block of the Jitter RNG that is returned to the caller. Mathematically speaking, the random number generated by the Jitter RNG is: aux_t = SHA-3(Jitter RNG state data) Jitter RNG block = SHA-3(time_i || aux_i || time_(i-1) || aux_(i-1) || ... || time_(i-255) || aux_(i-255)) when assuming that the OSR = 1, i.e. the default value. This operation implies that the Jitter RNG has an output-blocksize of 256 bits instead of the 64 bits of the LFSR-based Jitter RNG that is replaced with this patch. The patch also replaces the varying number of invocations of the conditioning function with one fixed number of invocations. The use of the conditioning function consistent with the userspace Jitter RNG library version 3.4.0. The code is tested with a system that exhibited the least amount of entropy generated by the Jitter RNG: the SiFive Unmatched RISC-V system. The measured entropy rate is well above the heuristically implied entropy value of 1 bit of entropy per time delta. On all other tested systems, the measured entropy rate is even higher by orders of magnitude. The measurement was performed using updated tooling provided with the user space Jitter RNG library test framework. The performance of the Jitter RNG with this patch is about en par with the performance of the Jitter RNG without the patch. Signed-off-by: Stephan Mueller <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Back-port of commit bb897c5 Author: Stephan Müller <[email protected]> Date: Fri Apr 21 08:08:04 2023 +0200 Signed-off-by: Jeremy Allison <[email protected]> Signed-off-by: Jonathan Maple <[email protected]>

I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key. Signed-off-by: Hailey Mothershead <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Back-ported from commit 23e4099 Author: Hailey Mothershead <[email protected]> Date: Mon Apr 15 22:19:15 2024 +0000 Signed-off-by: Jeremy Allison <[email protected]> Signed-off-by: Jonathan Maple <[email protected]>

Signed-off-by: Jeremy Allison <[email protected]> Signed-off-by: Jonathan Maple <[email protected]>

private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that the caller provides a key (or the newly generated key) which is shorter than the previous key. In that scenario, some key material from the previous key would not be overwritten. The easiest solution is to explicitly zeroize the entire private_key array first. Note that this patch slightly changes the behavior of this function: previously, if the ecc_gen_privkey failed, the old private_key would remain. Now, the private_key is always zeroized. This behavior is consistent with the case where params.key is set and ecc_is_key_valid fails. Signed-off-by: Joachim Vandersmissen <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Signed-off-by: Jonathan Maple <[email protected]>

[ Upstream commit ba3c557 ] When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was released. Initially, this issue was ignored because memory for mpi_ec_ctx is allocated with the __GFP_ZERO flag. For example, this error will be triggered when calculating the Za value for SM2 separately. Fixes: d58bb7e ("lib/mpi: Introduce ec implementation to MPI library") Cc: [email protected] # v6.5 Signed-off-by: Tianjia Zhang <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Jonathan Maple <[email protected]>

…ey() to zeroize keys on exit. converting ws Signed-off-by: Jonathan Maple <[email protected]>

None of the ciphers used by the DRBG have an alignment requirement; thus, they all return 0 from .crypto_init, resulting in inconsistent alignment across all buffers. Align all buffers to at least a cache line to improve performance. This is especially useful when multiple DRBG instances are used, since it prevents false sharing of cache lines between the different instances. Signed-off-by: Sultan Alsawaf <[email protected]> Signed-off-by: Jonathan Maple <[email protected]>

Like pin_user_pages_fast(), but with the internal-only FOLL_FAST_ONLY flag. This complements the get_user_pages*() API, which already has get_user_pages_fast_only(). Signed-off-by: Sultan Alsawaf <[email protected]> Signed-off-by: Jonathan Maple <[email protected]>

There is no reason this refcount should be a signed int. Convert it to an unsigned int, thereby also making it less likely to ever overflow. Signed-off-by: Sultan Alsawaf <[email protected]> Signed-off-by: Jonathan Maple <[email protected]>

Since crypto_devrandom_read_iter() is invoked directly by user tasks and is accessible by every task in the system, there are glaring priority inversions on crypto_reseed_rng_lock and crypto_default_rng_lock. Tasks of arbitrary scheduling priority access crypto_devrandom_read_iter(). When a low-priority task owns one of the mutex locks, higher-priority tasks waiting on that mutex lock are stalled until the low-priority task is done. Fix the priority inversions by converting the mutex locks into rt_mutex locks which have PI support. Signed-off-by: Sultan Alsawaf <[email protected]> Signed-off-by: Jonathan Maple <[email protected]>

When the kernel is booted with fips=1, the RNG exposed to userspace is hijacked away from the CRNG and redirects to crypto_devrandom_read_iter(), which utilizes the DRBG. Notably, crypto_devrandom_read_iter() maintains just two global DRBG instances _for the entire system_, and the two instances serve separate request types: one instance for GRND_RANDOM requests (crypto_reseed_rng), and one instance for non-GRND_RANDOM requests (crypto_default_rng). So in essence, for requests of a single type, there is just one global RNG for all CPUs in the entire system, which scales _very_ poorly. To make matters worse, the temporary buffer used to ferry data between the DRBG and userspace is woefully small at only 256 bytes, which doesn't do a good job of maximizing throughput from the DRBG. This results in lost performance when userspace requests >256 bytes; it is observed that DRBG throughput improves by 70% on an i9-13900H when the buffer size is increased to 4096 bytes (one page). Going beyond the size of one page up to the DRBG maximum request limit of 65536 bytes produces diminishing returns of only 3% improved throughput in comparison. And going below the size of one page produces progressively less throughput at each power of 2: there's a 5% loss going from 4096 bytes to 2048 bytes and a 9% loss going from 2048 bytes to 1024 bytes. Thus, this implements per-CPU DRBG instances utilizing a page-sized buffer for each CPU to utilize the DRBG itself more effectively. On top of that, for non-GRND_RANDOM requests, the DRBG's operations now occur under a local lock that disables preemption on non-PREEMPT_RT kernels, which not only keeps each CPU's DRBG instance isolated from another, but also improves temporal cache locality while the DRBG actively generates a new string of random bytes. Prefaulting one user destination page at a time is also employed to prevent a DRBG instance from getting blocked on page faults, thereby maximizing the use of the DRBG so that the only bottleneck is the DRBG itself. Signed-off-by: Sultan Alsawaf <[email protected]> Signed-off-by: Jonathan Maple <[email protected]>

JIRA: INTERNAL Revert Author <[email protected]> Revert Commit 9b7b946 Revert Reason: This changes the default DRBG back to HMAC SHA256 as more processors have hardware acceleration for this algorithm. Approved by the lab. The default DRBG is the one that has the highest priority. The priority is defined based on the order of the list drbg_cores[] where the highest priority is given to the last entry by drbg_fill_array. With this patch the default DRBG is switched from HMAC SHA256 to HMAC SHA512 to support compliance with SP800-90B and SP800-90C (current draft). The user of the crypto API is completely unaffected by the change. Signed-off-by: Stephan Mueller <[email protected]> Acked-by: simo Sorce <[email protected]> Signed-off-by: Herbert Xu <[email protected]> Signed-off-by: Jeremy Allison <[email protected]> Signed-off-by: Jonathan Maple <[email protected]>

We want to hard set the x86_64 FIPS required configs rather than rely on default settings in the kernel, should these ever change without our knowing it would not be something we would have actively checked. The configs are a limited set of configs that is expanded out when building using `make olddefconfig` a common practice in kernel building. Note had to manually add the following since its normaly set by the RPM build process. CONFIG_CRYPTO_FIPS_NAME="Rocky Linux 9 Kernel Cryptographic API" Signed-off-by: Jonathan Maple <[email protected]>

…DRBG" JIRA: INTERNAL Revert Author <[email protected]> Revert Commit fd8a0de. Revert Reason: This changes the default DRBG back to HMAC SHA512 to keep entropy certifications for all Rocky9.6 FIPS modules. Approved by the lab. Keeping hmac(sha512) allows the entropy certificates used for Rocky 9.2 FIPS to be re-used in 9.6, preventing re-certification of all the kernel and userspace modules. NB. We still get the scalability speedup from the per-CPU DRBG changes. Signed-off-by: Jeremy Allison <[email protected]> Signed-off-by: Jonathan Maple <[email protected]>

bmastbergen

🥌

jallisonciq and others added 14 commits September 3, 2025 15:15

SUSE: patch: crypto-ecdh-implement-FIPS-PCT.patch

596e142

Signed-off-by: Jeremy Allison <[email protected]> Signed-off-by: Jonathan Maple <[email protected]>

In essiv_aead_setkey(), use the same logic as crypto_authenc_esn_setk…

5c2a1dd

…ey() to zeroize keys on exit. converting ws Signed-off-by: Jonathan Maple <[email protected]>

PlaidCat requested review from kerneltoast, bmastbergen, jason-rodri, jallisonciq, thefossguy-ciq and shreeya-patel98 September 3, 2025 20:47

PlaidCat self-assigned this Sep 3, 2025

bmastbergen approved these changes Sep 4, 2025

View reviewed changes

kerneltoast approved these changes Sep 4, 2025

View reviewed changes

PlaidCat merged commit 9a7e417 into fips-9-compliant/5.14.0-570.39.1.el9_6 Sep 4, 2025
4 checks passed

PlaidCat deleted the jmaple_fips-9-compliant/5.14.0-570.39.1.el9_6 branch September 4, 2025 16:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[fips-9-compliant] Rebase Custom changes to 5.14.0-570.39.1.el9_6 #547

[fips-9-compliant] Rebase Custom changes to 5.14.0-570.39.1.el9_6 #547

Uh oh!

PlaidCat commented Sep 3, 2025

Uh oh!

bmastbergen left a comment

Uh oh!

Uh oh!

Uh oh!

[fips-9-compliant] Rebase Custom changes to 5.14.0-570.39.1.el9_6 #547

[fips-9-compliant] Rebase Custom changes to 5.14.0-570.39.1.el9_6 #547

Uh oh!

Conversation

PlaidCat commented Sep 3, 2025

Update process (This kernel CentOS base for 5.14.0-570)

FIPS checks

Removed Commits

Forward Port Process

BUILD

KSelfTest

Uh oh!

bmastbergen left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Update process (This kernel CentOS base for `5.14.0-570`)