File tree Expand file tree Collapse file tree 1 file changed +43
-0
lines changed
Expand file tree Collapse file tree 1 file changed +43
-0
lines changed Original file line number Diff line number Diff line change @@ -47,3 +47,46 @@ $ sudo modprobe libwolfssl
4747| --enable-linuxkm-pie | Enable relocatable object build of module|
4848| --enable-linuxkm-benchmarks | Run crypto benchmark at module load |
4949
50+ ## Kernel Patches
51+
52+ The dir ` linuxkm/patches ` contains a patch to the linux kernel CRNG. The
53+ CRNG provides the implementation for ` /dev/random ` , ` /dev/urandom ` , and
54+ ` getrandom() ` .
55+
56+ The patch updates these two sources
57+ - ` drivers/char/random.c `
58+ - ` include/linux/random.h `
59+
60+
61+ to use FIPS-compliant algorithms, instead of chacha and blake2s.
62+
63+ Patches are provided for several kernel versions, ranging from ` 5.10.x ` to
64+ ` 6.15 ` .
65+
66+ ### patch procedure
67+
68+ 1 . Ensure kernel src tree is clean before patching:
69+
70+ ``` sh
71+ cd ~ /kernelsrc/
72+ make mrproper
73+ ```
74+
75+ 2 . Verify patches will apply clean with a dry run check:
76+
77+ ``` sh
78+ patch -p1 --dry-run < ~/wolfssl-5.8.2/linuxkm/patches/6.12/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v12.patch
79+ checking file drivers/char/random.c
80+ checking file include/linux/random.h
81+ ```
82+
83+ 3 . Finally patch the kernel:
84+
85+ ``` sh
86+ patch -p1 < ~/wolfssl-5.8.2/linuxkm/patches/6.12/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v12.patch
87+ patching file drivers/char/random.c
88+ patching file include/linux/random.h
89+ ```
90+
91+ 4 . Build kernel.
92+
You can’t perform that action at this time.
0 commit comments