Skip to content

Commit bee9e94

Browse files
dougchdougch
committed
docs: move FIPS platform limitations from README to FIPS.md
1 parent 968ab14 commit bee9e94

File tree

2 files changed

+11
-8
lines changed

2 files changed

+11
-8
lines changed

README.md

Lines changed: 1 addition & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -118,13 +118,7 @@ that improve the experience for consumers on these platforms.
118118

119119
### FIPS Compliance
120120

121-
AWS-LC can be built in FIPS mode for compliance with FIPS 140-3 requirements. However, please note that:
122-
123-
- Static FIPS builds are only supported on Linux platforms
124-
- Shared library FIPS builds are supported on both Linux and Windows
125-
- Windows Debug builds are not supported with FIPS
126-
127-
For more details on building AWS-LC in FIPS mode, see the [FIPS Mode section in BUILDING.md](BUILDING.md#fips-mode).
121+
For information about FIPS compliance, building AWS-LC in FIPS mode, and platform limitations, see [crypto/fipsmodule/FIPS.md](crypto/fipsmodule/FIPS.md).
128122

129123
### Post-Quantum Cryptography
130124

crypto/fipsmodule/FIPS.md

Lines changed: 10 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,16 @@ NIST has also awarded SP 800-90B validation certificate for our CPU Jitter Entro
1414

1515
1. 2023-09-14: entropy certificate [#E77](https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/77), [public use document](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/entropy/E77_PublicUse.pdf)
1616

17+
## Platform Limitations
18+
19+
When building AWS-LC in FIPS mode, please be aware of the following platform limitations:
20+
21+
- Static FIPS builds are only supported on Linux platforms
22+
- Shared library FIPS builds are supported on both Linux and Windows
23+
- Windows Debug builds are not supported with FIPS
24+
25+
For more details on building AWS-LC in FIPS mode, see the [FIPS Mode section in BUILDING.md](../BUILDING.md#fips-mode).
26+
1727
### Modules in Process
1828

1929
The modules below have been tested by an accredited lab and have been submitted to NIST for FIPS 140-3 validation.
@@ -180,4 +190,3 @@ Initially the known-good value will be incorrect. Another script (`inject_hash.g
180190
The utility in `util/fipstools/break-hash.go` can be used to corrupt the FIPS module inside a binary and thus trigger a failure of the integrity test. Note that the binary must not be stripped, otherwise the utility will not be able to find the FIPS module.
181191
182192
![build process](./intcheck2.png)
183-

0 commit comments

Comments
 (0)