I need to run the Linux kernel with FIPS mode enabled on the Jetson AGX Xavier, so I have set fips=1 in the boot cmdline and I have also compiled the kernel with the following flags:
CRYPTO y
CRYPTO_FIPS y
CRYPTO_MANAGER_DISABLE_TESTS n
CRYPTO_ANSI_CPRNG y
CRYPTO_DRBG y
HW_RANDOM y
HW_RANDOM_CCTRNG y
CRYPTO_DRBG_MENU y
CRYPTO_DRBG_HMAC y
But when I boot the kernel, it hangs after printing random: crng init done. After throwing some additional prints in the kernel, it seems to be stuck in the add interrupt randomness function that calls the credit entropy function in drivers/char/random.c. From googling online, this is probably correlated to a low entropy situation. Has anyone set up FIPS on a Jetson AGX? If so, what is the correct Kconfig? If not, does anyone here have any ideas as to how to make this work?
I need to run the Linux kernel in FIPS mode, so when I boot, /proc/sys/crypto/fips_enabled needs to be 1. This is the FIPS 200 Kconfig that I am setting. I also noticed that MODULE_SIG was necessary, so I enabled that, but now the board won’t boot because of this:
E> file /sd/boot.img open failed!!
E> Error (202113041) removable storage load failed for kernel & kernel-dtb
My end goal is just to have the kernel running in FIPS 200 mode, and I want to know the correct kernel configuration I need to enable this on the NVIDIA Jetson AGX Xavier.
Also note I am not using the default Ubuntu that comes with the Jetson. But I am using the Jetson L4T kernel that is shipped with JetPack 4.2.1 and its kernel version is 4.9.140.
It looks like the TPM has a hardware RNG module, so if I could somehow enable that and get the kernel to use it, then I would be able to use the Kconfig I posted in my first post.
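An added example, not part of the posts above: a shell check that compares a built kernel `.config` against the options named in the thread and then prints the runtime FIPS flag and the entropy estimate. The expected values are the poster's own list plus MODULE_SIG, not a verified FIPS configuration; the sample config and the function names are constructed for illustration.

```shell
#!/bin/sh
# Expected values: the options listed in the thread plus MODULE_SIG.
# Assumption: this is the poster's list, not a validated FIPS option set.
WANTED="CRYPTO=y CRYPTO_FIPS=y CRYPTO_MANAGER_DISABLE_TESTS=n CRYPTO_ANSI_CPRNG=y
CRYPTO_DRBG=y HW_RANDOM=y HW_RANDOM_CCTRNG=y CRYPTO_DRBG_MENU=y
CRYPTO_DRBG_HMAC=y MODULE_SIG=y"

# Print the value of CONFIG_<$1> from .config text on stdin ("n" if unset or absent).
config_value() {
    awk -v sym="CONFIG_$1" '
        $0 ~ ("^" sym "=")              { sub(/^[^=]*=/, ""); v = $0 }
        $0 == ("# " sym " is not set")  { v = "n" }
        END { print (v == "" ? "n" : v) }'
}

# Compare the .config at path $1 with WANTED; print mismatches, return their count.
check_config() {
    bad=0
    for want in $WANTED; do
        name=${want%%=*}; exp=${want#*=}
        got=$(config_value "$name" < "$1")
        if [ "$got" != "$exp" ]; then
            echo "CONFIG_$name: expected $exp, found $got"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Show the FIPS flag and entropy estimate of the running kernel, where readable.
runtime_state() {
    for f in /proc/sys/crypto/fips_enabled /proc/sys/kernel/random/entropy_avail; do
        [ -r "$f" ] && echo "$f = $(cat "$f")"
    done
    return 0
}

# Constructed sample .config, not taken from a real Jetson build.
sample_config() {
    printf '%s\n' 'CONFIG_CRYPTO=y' 'CONFIG_CRYPTO_FIPS=y' \
        '# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set' \
        'CONFIG_CRYPTO_ANSI_CPRNG=m' 'CONFIG_CRYPTO_DRBG=y' 'CONFIG_HW_RANDOM=y' \
        '# CONFIG_HW_RANDOM_CCTRNG is not set' 'CONFIG_CRYPTO_DRBG_MENU=y' \
        'CONFIG_CRYPTO_DRBG_HMAC=y' '# CONFIG_MODULE_SIG is not set'
}

# Usage: pass the path to a .config; with no argument the sample is checked.
cfg=${1:-}
if [ -z "$cfg" ]; then cfg=$(mktemp); sample_config > "$cfg"; fi
check_config "$cfg" || echo "$? option(s) differ from the list in the thread"
runtime_state
```

An option built as a module (`=m`) is reported as a mismatch because the list in the thread asks for built-in (`y`).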