Module Name
Linux Kernel FIPS Object Module (KFOM) Cryptographic Module
Caveat
No assurance of the minimum strength of generated SSPs (e.g., keys). No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.
Security Level Exceptions
- Non-invasive security: N/A
- Mitigation of other attacks: N/A
- Documentation requirements: N/A
- Cryptographic module security policy: N/A
Module Type
Firmware-hybrid
Embodiment
Multi-Chip Stand Alone
Description
The Cisco Linux Kernel FIPS Object Module (KFOM) is a firmware hybrid cryptographic library that serves the operating system kernel. It does not implement any security protocols, instead only allowing for Linux kernel applications access to using approved algorithms.
Tested Configuration(s)
- Linux 4.9 running on Cisco Meraki MX68CW with ARMv8 Cortex-A53 with PAA
- Ubuntu 18.04 running on Cisco UCS C220 M5 with Intel Xeon Gold 6138 (Skylake) with PAA
Allowed Algorithms
N/A (N/A; N/A)
Hardware Versions
ARMv8 Cortex-A53, Intel Xeon Gold 6138