feature: create FIPS complaint linux image #855

Open
wants to merge 10 commits into
base: mainline


@Arlington1985 Arlington1985 commented Sep 11, 2024

Issue #, if available:
NA

Description of changes:
New FIPS compliant docker image based on Linux AMI 2 and tagged as fips-latest

Tested
Go temporarily installed inside the FIPS released image to test FIPS compliance of FluentBit binaries:

```
(venv) ➜  aws-for-fluent-bit git:(fips-image) ✗ docker run -it --rm amazon/aws-for-fluent-bit:fips-latest  /bin/bash
bash-4.2# go tool nm /fluent-bit/firehose.so | grep FIPS
  5f6948 t BORINGSSL_FIPS_abort
  5f32b4 t FIPS_mode_set
  5f32c0 t FIPS_read_counter
  5b61cc T _cgo_14d622f8b473_Cfunc__goboringcrypto_FIPS_mode
  5f32ac t _goboringcrypto_FIPS_mode
  2433c0 t crypto/internal/boring._Cfunc__goboringcrypto_FIPS_mode.abi0
  ca0ea8 d crypto/internal/boring._cgo_14d622f8b473_Cfunc__goboringcrypto_FIPS_mode
  ca5c80 d crypto/tls.defaultCipherSuitesFIPS
  ca5c40 d crypto/tls.defaultCurvePreferencesFIPS
  ca5c60 d crypto/tls.defaultSupportedSignatureAlgorithmsFIPS
  ca5c20 d crypto/tls.defaultSupportedVersionsFIPS
  ca38c0 d github.com/aws/aws-sdk-go/aws/session.awsUseFIPSEndpoint
  4df180 t github.com/aws/aws-sdk-go/aws/session.setUseFIPSEndpointFromEnvVal
```

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
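
Added example, not part of the pull request or the project's code: the `grep FIPS` check above also matches aws-sdk-go endpoint settings such as `awsUseFIPSEndpoint`, which say nothing about the crypto backend, so this sketch separates BoringCrypto bridge symbols from name-only matches. The function names and the second sample are assumptions made for illustration; a non-zero `backend` count shows the backend is linked in, not that FIPS mode is active at run time.

```bash
# Added example: classify `go tool nm` symbols whose names contain "FIPS".
# Reads nm lines ("addr type name") on stdin and prints one summary line:
#   backend=N  BoringCrypto bridge symbols (cgo wrappers, crypto/internal/boring)
#   tls=N      crypto/tls FIPS default tables
#   other=N    any other name containing FIPS (SDK settings, generic C names)
classify_fips_symbols() {
  awk '
    { name = $NF }
    name ~ /_goboringcrypto_/ || name ~ /^crypto\/internal\/boring\./ || name ~ /^BORINGSSL_/ { backend++; next }
    name ~ /^crypto\/tls\..*FIPS/ { tls++; next }
    name ~ /FIPS/ { other++ }
    END { printf "backend=%d tls=%d other=%d\n", backend, tls, other }
  '
}

# Exit 0 only when at least one backend symbol is present.
has_boring_backend() {
  classify_fips_symbols | grep -qv '^backend=0 '
}

# Symbol lines copied from the nm output quoted in the pull request.
page_sample() {
  cat <<'EOF'
  5f6948 t BORINGSSL_FIPS_abort
  5f32b4 t FIPS_mode_set
  5f32c0 t FIPS_read_counter
  5b61cc T _cgo_14d622f8b473_Cfunc__goboringcrypto_FIPS_mode
  5f32ac t _goboringcrypto_FIPS_mode
  2433c0 t crypto/internal/boring._Cfunc__goboringcrypto_FIPS_mode.abi0
  ca0ea8 d crypto/internal/boring._cgo_14d622f8b473_Cfunc__goboringcrypto_FIPS_mode
  ca5c80 d crypto/tls.defaultCipherSuitesFIPS
  ca5c40 d crypto/tls.defaultCurvePreferencesFIPS
  ca5c60 d crypto/tls.defaultSupportedSignatureAlgorithmsFIPS
  ca5c20 d crypto/tls.defaultSupportedVersionsFIPS
  ca38c0 d github.com/aws/aws-sdk-go/aws/session.awsUseFIPSEndpoint
  4df180 t github.com/aws/aws-sdk-go/aws/session.setUseFIPSEndpointFromEnvVal
EOF
}

# Constructed sample: only the AWS SDK symbols, no BoringCrypto bridge.
sdk_only_sample() {
  cat <<'EOF'
  ca38c0 d github.com/aws/aws-sdk-go/aws/session.awsUseFIPSEndpoint
  4df180 t github.com/aws/aws-sdk-go/aws/session.setUseFIPSEndpointFromEnvVal
EOF
}

page_sample | classify_fips_symbols       # backend=5 tls=4 other=4
sdk_only_sample | classify_fips_symbols   # backend=0 tls=0 other=2
```

Against a real image the input would be `go tool nm /fluent-bit/firehose.so | classify_fips_symbols`, run once per plugin binary.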

@Arlington1985 Arlington1985 requested a review from a team as a code owner September 11, 2024 13:15
@Arlington1985 Arlington1985 marked this pull request as draft September 11, 2024 13:17
@Arlington1985 Arlington1985 marked this pull request as ready for review September 13, 2024 09:26
@swapneils
Contributor

Can you specify which are the substantive changes that make this image FIPS compliant, either here in the conversation or as comments in the code?

@Arlington1985
Author

Arlington1985 commented Sep 25, 2024

> Can you specify which are the substantive changes that make this image FIPS compliant, either here in the conversation or as comments in the code?

The GOEXPERIMENT=boringcrypto environment variable in Go selects the upstream BoringCrypto backend as a cryptographic library for a program

@Arlington1985 Arlington1985 changed the title Create FIPS complaint linux image feature: create FIPS complaint linux image Sep 30, 2024