[00:18] <sarnold> but if our certified kernel just plain doesn't drive that nic, it's probably a non-starter
[01:21] <JanC> well, you can always certify the kernel yourself
[01:21] <JanC> it will cost more obviously
[01:22] <JanC> or build your own & certify i
[01:22] <JanC> *it
[01:22] <sarnold> I can't begin to fathom the cost :)
[01:24] <JanC> in part because the existing certifications are mostly bogus anyway  ;-)
[01:28] <JanC> in fact, I would say guaranteeing it if you build everything yourself could actually be cheaper
[01:29] <JanC> at least in some cases
[01:32] <JanC> but then again FIPS is probably just a "minimal best effort" thing anyway
[01:34] <sarnold> well, step one with FIPS is selecting which specific hardware platforms you're going to be using, and make one of them available to the certification lab
[01:34] <sarnold> eg "Ubuntu 20.04 LTS 64-bit running on Supermicro SYS-1019P-WTR with Intel(R) Xeon(R) Gold 6226 CPU with PAA"  https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3928
[01:35] <JanC> which is probably quite ridiculous from a security PoV
[01:36] <sarnold> 95% agreed, yeah
[01:36] <JanC> I doubt xevious is using that  :)
[01:36] <JanC> or if he they could even but that, today
[01:36] <JanC> *buy that*
[01:37] <sarnold> there might be one on ebay!
[01:37] <sarnold> lots of neat stuff on ebay
[01:37] <JanC> but that one might be modified  :)