| sarnold | but if our certified kernel just plain doesn't drive that nic, it's probably a non-starter | 00:18 |
|---|---|---|
| JanC | well, you can always certify the kernel yourself | 01:21 |
| JanC | it will cost more obviously | 01:21 |
| JanC | or build your own & certify i | 01:22 |
| JanC | *it | 01:22 |
| sarnold | I can't begin to fathom the cost :) | 01:22 |
| JanC | in part because the existing certifications are mostly bogus anyway ;-) | 01:24 |
| JanC | in fact, I would say guaranteeing it if you build everything yourself could actually be cheaper | 01:28 |
| JanC | at least in some cases | 01:29 |
| JanC | but then again FIPS is probably just a "minimal best effort" thing anyway | 01:32 |
| sarnold | well, step one with FIPS is selecting which specific hardware platforms you're going to be using, and make one of them available to the certification lab | 01:34 |
| sarnold | eg "Ubuntu 20.04 LTS 64-bit running on Supermicro SYS-1019P-WTR with Intel(R) Xeon(R) Gold 6226 CPU with PAA" https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3928 | 01:34 |
| JanC | which is probably quite ridiculous from a security PoV | 01:35 |
| sarnold | 95% agreed, yeah | 01:36 |
| JanC | I doubt xevious is using that :) | 01:36 |
| JanC | or if he they could even but that, today | 01:36 |
| JanC | *buy that* | 01:36 |
| sarnold | there might be one on ebay! | 01:37 |
| sarnold | lots of neat stuff on ebay | 01:37 |
| JanC | but that one might be modified :) | 01:37 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!