Linux Kernel Signature Verification Code Adds FIPS Compliance

Phoronix reports a new change was merged into the soon-to-be-released Linux 5.19 on Tuesday, making the kernel's signature verification code compliant with the Federal Information Processing Standards known as FIPS: FIPS are public standards via the National Institute of Standards and Technology used by U.S. government agencies and contractors in the areas of computer security and interoperability... Known-answer self-tests are required for FIPS compliance at startup/reboot, but the Linux kernel's signature verification code has been lacking such tests.

The signature checking code is used for module signing, Kexec, and other functionality. With Linux 5.19 there will now be some basic self-tests at start.
The tests will make their debut in Linux 5.19-rc4.

Thanks to long-time Slashdot reader UnknowingFool for sharing the news!

Re:

[UnknowingFool]

"federal altar" ie kow-towing to external influences. . In which case it's time to ditch linux. . . only exists to appease FIPS compliance demands."

Wow, someone is irrationally angry that Linux, years after a standard was published, did the absolute minimum to comply with that standard. And by minimum, that means adding a small bit of code. To be clear, Linux was already mostly compliant; it lacked the "known self-tests" at start/reboot that the standard requires. I hate to tell that person that Linux is used already by "federal altar" types like Lawrence Livermore National Laboratory. Also this means different variants of Linux like Red Hat [redhat.com] which is F

Bring on the conspiracy theories!

[splutty]

Let's see how many comments there are about all sorts of conspiracy theories from people who have no clue what FIPS means or does!

Re:

[Ostracus]

Can we throw in TPM for good effect? That always makes people wet the bed.

Re: Bring on the conspiracy theories!

[Slashythenkilly]

Its fair to be paranoid considering what Snowden revealed he did at Booze-Hamilton

Re:

[UnknowingFool]

Wait till people find out that Linux tries to comply with POSIX and Single Unix Specification--shhhh. Don't say that too loud.

Re:

[arglebargle_xiv]

It's OK, it's nothing much to do with FIPS compliance, they just added a unit test/self-test. Sure, that's buried in a corner of FIPS 140 along with a bazillion other odds and ends, but sheesh, they added a unit test, that's all.

This sounds OK.

[Canberra1]

Just be aware a superkey may have more than one private key. It would appear Linux will still enable superior modern, more efficient algorithms not presently approved by FIP's. Which is good, given the tardy response on compromised or suspect algorithms. So said the evil ME standalone OS that runs under windows - well who knows what it is up to,

compliance vs certification

[awwshit]

Compliance by itself is only a start. To use this in an environment where FIPS is a requirement it has to not only be compliant, it has to be third party certified. That 3rd party certification is expensive, which means that you are only likely to find it in a commercial offering.

Re:

[drinkypoo]

While true, you can't have the one without the other, and this is one of the ones.

I won't be surprised if Ubuntu does a FIPS flavor

FIPS is required, but also ridiculous

[Xenographic]

I mean, it's likely that some of the commercial distros want this to help them get federal contracts.

But FIPS itself is kind of a brain dead standard, sometimes mandating support for stupid and insecure things like Dual_EC_DRBG [wikipedia.org]:

According to John Kelsey (who was listed as author of NIST SP 800-90A together with Elaine Barker), the possibility of the backdoor by carefully chosen P and Q values was brought up at an ANSI X9.82 meeting. As a result, a way was specified for implementers to choose their own P and

Re:

[UnknowingFool]

From your own link in the first sentence: " . . .it was withdrawn in 2014." At the time that it was adopted, it was not known that there was a backdoor. It was suspected by some; when more evidence arose that there was a backdoor, the standard was withdrawn.

Re:

[Xenographic]

So what? It was silly of FIPS to ever mandate this. There are plenty of other reasons [marc.info] why it's ridiculous to use it unless you have to [microsoft.com], that one is just the most famous.

Re:

[bill_mcgonigle]

Isn't FIPS from NIST? The F is 'Federal'. Of course the Feds are going to mandate the backdoors they paid to create and make default in the RSA library.

Re:

[UnknowingFool]

Generally Linux itself does not do certification due to the cost and time required. However, variants of Linux like RedHat are free to become certified. This change means less work/testing for those variants.

Re:

[awwshit]

Right, exactly.

Is it PQC Compliant?

[hAckz0r]

It won't be long before Nation States have Quantum key cracking capability and will be able to crack most FIPS crypto keysystems. NIST has not even announced a potential PQC standard for this yet but some algorithms are obviously better than others. The draft release for a standard with a call for comments is expected 2022-2023 at best.

https://www.nccoe.nist.gov/sit... [nist.gov]

The title (and article) are horrid

[chill]

FIPS isn't a standard. FIPS ###-# are standards issued by the U.S. Gov't that are *required* to be used when applicable. The exact phrasing is usually something like "No provision is provided under FISMA for waivers to FIPS made mandatory by the Secretary of
Commerce.".

They are the stricter cousins to the NIST SP-XXX series of publications, which are more like guidelines and leave a lot of leeway for implementation -- mostly.

There are close to a dozen [nist.gov] FIPS standards, while there are over 200 [nist.gov] SPs.

The FIPS-140-3 standard covers cryptographic modules and their choice and use in Federal information systems. One of the dozens of requirements buried in the associated SP 800-140 series that breaks out the specifics of cryptographic modules is self-test on start.

OpenSSL has a validated FIPS 140-2 module for v2.x and they are going through validation testing [openssl.org] for the v3.x version.

The ability to test for correctness is a good thing to add, but we're talking like one capability of dozens and it'd need to go thru conformance testing. And the kernel isn't a cryptographic module, so... I'm not sure which FIPS they're talking about, unless they really mean FIPS-200 which directs you to NIST SP 800-53r5, and in there control SI-7 Software, Firmware, and Information Integrity for HIGH baseline systems.

Re: The title (and article) are horrid

[madbrain]

TFA mentions that it's FIPS140.

The kernel isn't a cryptographic module. But some of its functionality relies on cryptographic functions. That subset is likely considered to the cryptographic module, for purposes of FIPS140. That's where the cryptographic boundary is likely set, for purpose of FIPS140 validation.

Re:

[tlhIngan]

The kernel isn't a cryptographic module. But some of its functionality relies on cryptographic functions. That subset is likely considered to the cryptographic module, for purposes of FIPS140. That's where the cryptographic boundary is likely set, for purpose of FIPS140 validation.

Yeah, I've seen requests come in for FIPS-140 certified Wi-Fi modules. Took quite a bit of digging to figure out what that meant, but it turned out the encryption system used must be certified. (WPA-CCMP is using AES internally, s