Skip to content
This repository has been archived by the owner on May 12, 2021. It is now read-only.

FIPS: Add support for starting VM in FIPS mode. #2171

Merged
merged 1 commit into from
Nov 11, 2019
Merged

FIPS: Add support for starting VM in FIPS mode. #2171

merged 1 commit into from
Nov 11, 2019
+78 −0

Conversation

amshinde
Copy link
Member

@amshinde amshinde commented Nov 8, 2019
edited
Loading

FIPS are a set of security standards for encryption algororithms
in user and kernel space among others.
Have Kata support this by starting the VM for a container
in FIPS mode on detecting that the host is running in FIPS mode.

Depends-on: github.com/kata-containers/packaging#788

Fixes #2170

Signed-off-by: Archana Shinde [email protected]

@amshinde amshinde added the do-not-merge PR has problems or depends on another label Nov 8, 2019
@amshinde
Copy link
Member Author

amshinde commented Nov 8, 2019

Depends on kata-containers/packaging#788

jodh-intel
jodh-intel approved these changes Nov 8, 2019
View reviewed changes
Copy link
Contributor

@jodh-intel jodh-intel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @amshinde.

lgtm

pkg/katautils/create.go Outdated

enabled, err := strconv.Atoi(strings.Trim(string(content), "\n\t "))
if err != nil {
// Enexpected format, ignore and simply return early
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: typo - "unexpected".

@devimc
Copy link

devimc commented Nov 8, 2019

commit message: typo: s/algororithms/algorithms

@amshinde
FIPS: Add support for starting VM in FIPS mode.
0bd41b9 
FIPS are a set of security standards for encryption algorithms
in user and kernel space among others.
Have Kata support this by starting the VM for a container
in FIPS mode on detecting that the host is running in FIPS mode.

Depends-on: github.com/kata-containers/packaging#788

Fixes kata-containers#2170

Signed-off-by: Archana Shinde <[email protected]>
@amshinde amshinde removed the do-not-merge PR has problems or depends on another label Nov 8, 2019
@amshinde
Copy link
Member Author

amshinde commented Nov 8, 2019

Typos fixed.
/test

@codecov
Copy link

codecov bot commented Nov 8, 2019

Codecov Report

Merging #2171 into master will increase coverage by 0.02%.
The diff coverage is 75%.

@@            Coverage Diff             @@
##           master    #2171      +/-   ##
==========================================
+ Coverage   50.94%   50.96%   +0.02%     
==========================================
  Files         110      110              
  Lines       15205    15221      +16     
==========================================
+ Hits         7746     7758      +12     
- Misses       6505     6507       +2     
- Partials      954      956       +2

@bergwolf
Copy link
Member

failed ci looks unrelated (kata-containers/tests#2069)
/merging...

@bergwolf bergwolf merged commit 31b5f96 into kata-containers:master Nov 11, 2019
@amshinde amshinde deleted the support-fips-mode branch June 19, 2020 18:35
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jodh-intel jodh-intel jodh-intel approved these changes

@devimc devimc devimc approved these changes

@bergwolf bergwolf bergwolf approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for FIPS mode
4 participants
@amshinde @devimc @bergwolf @jodh-intel