action #81757
closed [sle][security][sle15sp3][feature][manual] Support NIST 800-90B entropy collection in Linux Kernel (Must Have)
Start date: 2021-01-05
Due date:
% Done: 0%
Estimated time: 24.00 h
Difficulty:
Description
JIRA ID: https://jira.suse.com/browse/SLE-15314
Description:
For the SLE15 FIPS kernel patches and the hardware entropy collection we need to make some changes.
The current Linux RNG stack entropy gathering is not going to be NIST 800-90B compliant, meaning we might not be able to certify it.
Stephan Mueller of atsec has written and also completely reviewed and documented his "jitterd" approach of entropy gathering, which I understand would need to be integrated into the kernel.
Upstream kernel development (Ted Ts'o?) apparently does not like it; we might need to keep our own port in our kernel tree for this.