Re: [PATCH] os: deprecate the -enable-fips option and QEMU's FIPS enforcement

On 20/10/20 18:22, Daniel P. Berrangé wrote:

@@ -153,6 +153,9 @@ int os_parse_cmd_args(int index, const char *optarg) break; #if defined(CONFIG_LINUX) case QEMU_OPTION_enablefips: + warn_report("-enable-fips is deprecated, please build QEMU with " + "the `libgcrypt` library as the cryptography provider " + "to enable FIPS compliance"); fips_set_state(true); break; #endif

Should you also remove fips_set_state(true) and make fips_get_state() return the contents of /proc/sys/crypto/fips_enabled, so that VNC password authentication is disabled? Paolo