qemu/docs/system
Daniel P. Berrangé 166310299a os: deprecate the -enable-fips option and QEMU's FIPS enforcement
The -enable-fips option was added a long time ago to prevent the use of
single DES when VNC when FIPS mode is enabled. It should never have been
added, because apps are supposed to unconditionally honour FIPS mode
based on the '/proc/sys/crypto/fips_enabled' file contents.

In addition there is more to achieving FIPS compliance than merely
blocking use of certain algorithms. Those algorithms which are used
need to perform self-tests at runtime.

QEMU's built-in cryptography provider has no support for self-tests,
and neither does the nettle library.

If QEMU is required to be used in a FIPS enabled host, then it must be
built with the libgcrypt library enabled, which will unconditionally
enforce FIPS compliance in any algorithm usage.

Thus there is no need to keep either the -enable-fips option in QEMU, or
QEMU's internal FIPS checking methods.

Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-01-29 17:07:53 +00:00
..
_templates docs: add "page source" link to sphinx documentation 2020-11-10 08:51:30 +01:00
arm target/arm: Add cpu properties to control pauth 2021-01-19 14:38:51 +00:00
i386 docs: Move microvm.rst into the system manual 2020-11-23 11:10:04 +00:00
s390x docs/system/s390x: Add a chapter about s390x boot devices 2020-08-27 12:37:03 +02:00
build-platforms.rst docs/system: Fix grammar in documentation 2020-09-01 12:09:30 +02:00
cpu-hotplug.rst docs: Move cpu-hotplug.rst into the system manual 2020-11-23 11:07:41 +00:00
cpu-models-mips.rst.inc docs/system: Update MIPS CPU documentation 2020-10-17 13:59:40 +02:00
cpu-models-x86.rst.inc qemu-cpu-models.rst: Document -noTSX, mds-no, taa-no, and tsx-ctrl 2020-03-16 23:02:25 +01:00
deprecated.rst os: deprecate the -enable-fips option and QEMU's FIPS enforcement 2021-01-29 17:07:53 +00:00
device-url-syntax.rst.inc manual: escape backslashes in "parsed-literal" blocks 2020-09-16 10:52:34 +02:00
gdb.rst docs: Get rid of the weird _005f links in the man page 2020-11-20 13:19:08 +01:00
images.rst docs: Get rid of the weird _005f links in the man page 2020-11-20 13:19:08 +01:00
index.rst docs/system: Move the list of removed features to a separate file 2020-12-15 12:52:02 -05:00
invocation.rst docs: Split out sections for the manpage into .rst.inc files 2020-03-06 11:06:55 +00:00
ivshmem.rst docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
keys.rst docs: Split out sections for the manpage into .rst.inc files 2020-03-06 11:06:55 +00:00
keys.rst.inc docs: Split out sections for the manpage into .rst.inc files 2020-03-06 11:06:55 +00:00
license.rst docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
linuxboot.rst docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
managed-startup.rst docs/system: convert managed startup to rST. 2020-03-06 10:05:12 +00:00
monitor.rst docs: Get rid of the weird _005f links in the man page 2020-11-20 13:19:08 +01:00
mux-chardev.rst docs: Get rid of the weird _005f links in the man page 2020-11-20 13:19:08 +01:00
mux-chardev.rst.inc docs: Split out sections for the manpage into .rst.inc files 2020-03-06 11:06:55 +00:00
net.rst docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
pr-manager.rst docs/system/pr-manager.rst: Fix minor docs nits 2020-11-23 11:10:04 +00:00
qemu-block-drivers.rst docs: Create defs.rst.inc as a place to define substitutions 2020-03-06 10:04:58 +00:00
qemu-block-drivers.rst.inc block: introduce preallocate filter 2020-12-18 12:35:55 +01:00
qemu-cpu-models.rst docs/system: Convert qemu-cpu-models.texi to rST 2020-03-06 10:05:12 +00:00
qemu-manpage.rst docs: Generate qemu.1 manpage with Sphinx 2020-03-06 11:06:55 +00:00
quickstart.rst docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
removed-features.rst qmp: remove deprecated "change" command 2021-01-23 15:55:07 -05:00
security.rst docs/system: Convert security.texi to rST format 2020-03-06 10:05:12 +00:00
target-arm.rst docs/system: arm: Add sabrelite board description 2021-01-08 15:13:39 +00:00
target-avr.rst docs/: fix some comment spelling errors 2020-09-17 20:37:13 +02:00
target-i386-desc.rst.inc pcspk: update docs/system/target-i386-desc.rst.inc 2020-07-06 17:01:11 +02:00
target-i386.rst docs: Move microvm.rst into the system manual 2020-11-23 11:10:04 +00:00
target-m68k.rst docs: Roll semihosting option information into qemu-options.hx 2020-03-06 10:05:12 +00:00
target-mips.rst docs/system: Update MIPS machine documentation 2021-01-04 23:36:03 +01:00
target-ppc.rst docs: Roll -prom-env and -g target-specific info into qemu-options.hx 2020-03-06 10:05:18 +00:00
target-rx.rst docs: Document the RX target 2020-06-22 18:37:12 +02:00
target-s390x.rst docs/system/s390x: Add a chapter about s390x boot devices 2020-08-27 12:37:03 +02:00
target-sparc64.rst docs: Roll -prom-env and -g target-specific info into qemu-options.hx 2020-03-06 10:05:18 +00:00
target-sparc.rst docs: Roll -prom-env and -g target-specific info into qemu-options.hx 2020-03-06 10:05:18 +00:00
target-xtensa.rst docs: Roll semihosting option information into qemu-options.hx 2020-03-06 10:05:12 +00:00
targets.rst target/avr: Add section into QEMU documentation 2020-07-11 11:02:05 +02:00
tls.rst docs/system: convert Texinfo documentation to rST 2020-03-06 10:05:12 +00:00
usb.rst docs: Get rid of the weird _005f links in the man page 2020-11-20 13:19:08 +01:00
virtio-net-failover.rst docs: Move virtio-net-failover.rst into the system manual 2020-11-23 11:07:41 +00:00
virtio-pmem.rst docs/system/virtio-pmem.rst: Fix minor style issues 2020-11-23 11:07:41 +00:00
vnc-security.rst docs: Get rid of the weird _005f links in the man page 2020-11-20 13:19:08 +01:00