FIPS140 for Cryptography outlines requirements around self-tests that implement known-answer self-tests at boot/reboot time to be FIPS-compliant, but the Linux kernel’s signature verification code has been lacking such tests.
Signature checking code is used for module signing, Kexec, and other features, and with the introduction of Linux 5.19, the OS now does some basic self-testing at boot.
Red Hat’s David Howells explained: “Signature checking code used by module signing, Kexec, etc. is not FIPS compliant because a self-testing process has never been deployed. In order for a kernel to be FIPS compliant, signature checking must be done before use. To test, if signature checking is not available, it may cause some trouble in certain cases (eg simply disabling signature checking will prevent any driver modules from being loaded). The kernel code now handles this by adding a minimal size test.”
This FIPS cryptography support was merged into the Linux mainline yesterday, making this FIPS self-test part of Linux 5.19-rc4.