2021-04-01 17:48:21

by Chris von Recklinghausen

Subject: [PATCH 0/1] use crc32 instead of md5 for hibernation e820 integrity check

Currently, suspend on x86_64 fails when FIPS mode is enabled because it uses md5
to generate a digest of the e820 region. MD5 is not FIPS compliant so an error
is reported and the suspend fails.

MD5 is used only to create a digest to ensure integrity of the region, no actual
encryption is done. This patch set changes the integrity check to use crc32
instead of md5 since crc32 is available in both FIPS and non-FIPS modes.

Chris von Recklinghausen (1):
use crc32 instead of md5 for hibernation image integrity check

arch/x86/power/hibernate.c | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)

--
2.18.1


2021-04-01 18:53:19

by Christophe Leroy

Subject: Re: [PATCH 0/1] use crc32 instead of md5 for hibernation e820 integrity check



On 01/04/2021 at 14:24, Chris von Recklinghausen wrote:
> Currently, suspend on x86_64 fails when FIPS mode is enabled because it uses md5
> to generate a digest of the e820 region. MD5 is not FIPS compliant so an error
> is reported and the suspend fails.
>
> MD5 is used only to create a digest to ensure integrity of the region, no actual
> encryption is done. This patch set changes the integrity check to use crc32
> instead of md5 since crc32 is available in both FIPS and non-FIPS modes.

Why not put all those explanations in the patch itself?

Because text in the cover is lost, so a cover is not really useful for a single patch.

>
> Chris von Recklinghausen (1):
> use crc32 instead of md5 for hibernation image integrity check
>
> arch/x86/power/hibernate.c | 31 +++++++++++++++++--------------
> 1 file changed, 17 insertions(+), 14 deletions(-)
>