Re: [PATCH] os: deprecate the -enable-fips option and QEMU's FIPS enforc
From: Paolo Bonzini
Subject: Re: [PATCH] os: deprecate the -enable-fips option and QEMU's FIPS enforcement
Date: Tue, 20 Oct 2020 19:22:03 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.3.1
On 20/10/20 18:22, Daniel P. Berrangé wrote:
> @@ -153,6 +153,9 @@ int os_parse_cmd_args(int index, const char *optarg)
> break;
> #if defined(CONFIG_LINUX)
> case QEMU_OPTION_enablefips:
> + warn_report("-enable-fips is deprecated, please build QEMU with "
> + "the `libgcrypt` library as the cryptography provider "
> + "to enable FIPS compliance");
> fips_set_state(true);
> break;
> #endif
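Review bot: the warn_report() text added under case QEMU_OPTION_enablefips tells the user to build QEMU with libgcrypt, which someone launching a prebuilt binary cannot act on, and it does not say that the option is still honoured even though fips_set_state(true) runs right after the warning. Consider wording that states the option is deprecated and what it still does, with the crypto provider requirement as a separate sentence. The backticks around libgcrypt are markdown-style quoting that will be printed literally; single quotes or no quoting would read better in terminal output. The case sits inside #if defined(CONFIG_LINUX), so the deprecation warning is only compiled for Linux builds; worth confirming that is the intended scope.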
Should you also remove fips_set_state(true) and make fips_get_state()
return the contents of /proc/sys/crypto/fips_enabled, so that VNC
password authentication is disabled?
Paolo