Many organizations require US Federal Information Processing Standard
(FIPS) certification of the crypto code they are running. The certification
process is lengthy, but the bigger problem is that the way the crypto
subsystem is built into the kernel means the resulting certification cannot
be reused across kernel updates. I have proposed a patch
series that decouples the crypto subsystem into a standalone
loadable module, allowing a certified crypto module to be reused with
multiple kernels and, thus, requiring fewer lengthy recertification delays.
https://lwn.net/Articles/1073759/
--- SBBSecho 3.37-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)