This patch series implements FIPS 140-3 compliance requirements for random number generation in the Linux kernel 6.12. The changes ensure that when the kernel is operating in FIPS mode, FIPS-compliant random number generators are used instead of the default /dev/random implementation.
IMPORTANT: These two patches must be applied together as a series. Applying only the first patch without the second will cause a deadlock during boot in FIPS-enabled environments. The second patch fixes a critical timing issue introduced by the first patch where the crypto RNG attempts to override the drivers/char/random interface before the default RNG becomes available.
The series consists of two patches:
1. Initial implementation to override drivers/char/random in FIPS mode
2. Refinement to ensure override only occurs after FIPS-mode RNGs are available
These 2 patches are required for FIPS 140-3 certification and compliance in government and enterprise environments.
Herbert Xu (1):
  crypto: rng - Override drivers/char/random in FIPS mode

Jay Wang (1):
  Override drivers/char/random only after FIPS-mode RNGs become available

 crypto/rng.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)