action #81757

closed

[sle][security][sle15sp3][feature][manual] Support NIST 800-90B entropy collection in Linux Kernel (Must Have)

Added by bchou over 3 years ago. Updated about 3 years ago.

Status: Rejected
Priority: Normal
Assignee:
Category: New test
Target version: -
Start date: 2021-01-05
Due date:
% Done: 0%
Estimated time: 24.00 h
Difficulty:
Description

JIRA ID:
https://jira.suse.com/browse/SLE-15314

Description:
For the SLE15 FIPS kernel patches and the hardware entropy collection we need to make some changes.

The current Linux RNG stack entropy gathering is not going to be NIST 800-90B compliant, meaning we might not be able to certify it.

Stephan Mueller of atsec has written and also completely reviewed and documented his "jitterd" approach of entropy gathering, which I understand would need to be integrated into the kernel.

Upstream kernel development (Ted Tso?) does not like it, apparently; we might need to keep our own port in our kernel tree for this.

Actions #1

Updated by bchou over 3 years ago

  • Subject changed from [sle][security][sle15sp3][feature] Support NIST 800-90B entropy collection in Linux Kernel (Must Have) to [sle][security][sle15sp3][feature][manual] Support NIST 800-90B entropy collection in Linux Kernel (Must Have)
  • Estimated time changed from 16.00 h to 20.00 h
Actions #2

Updated by bchou over 3 years ago

  • Estimated time changed from 20.00 h to 24.00 h
Actions #3

Updated by bchou about 3 years ago

  • Status changed from New to Rejected

Marcus Meissner commented in the Epic that this cannot be done for SP3. We can reopen it for SP4.

Set as Rejected in SP3.
