From fe947da0d59baace44a2a4c46001f9104fe5db3e Mon Sep 17 00:00:00 2001 From: Dimitri John Ledkov Date: Thu, 1 Feb 2024 13:19:35 +0000 Subject: [PATCH] UBUNTU: SAUCE: Enable fips mode by default, in FIPS kernels only BugLink: https://bugs.launchpad.net/bugs/2049082 Ensure that kernels built with CONFIG_CRYPTO_FIPS=y default to fips mode. Such that testing FIPS kernels in FIPS mode requires no additional bootloader configuration. This will ease testing, deployment, downgrades/upgrades, certification. Tested by building unstable kernel with a minimal FIPS configuration enabled, and observing that default boot goes into fips mode, as well as when fips=1 passed on the cmdline. Also verified that fips=0 turns off fips mode correctly. Signed-off-by: Dimitri John Ledkov Acked-by: Andrei Gherzan Acked-by: Tim Gardner Signed-off-by: Dimitri John Ledkov
---
 crypto/fips.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/fips.c b/crypto/fips.c
index 92fd506abb21..f358524aa352 100644
--- a/crypto/fips.c
+++ b/crypto/fips.c
@@ -14,7 +14,8 @@
 #include
 #include
-int fips_enabled;
+/* LP: #2049082 UBUNTU: SAUCE: FIPS kernels default to FIPS mode */
+int fips_enabled = 1;
 EXPORT_SYMBOL_GPL(fips_enabled);
 ATOMIC_NOTIFIER_HEAD(fips_fail_notif_chain);
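Review bot: The comment added above `int fips_enabled = 1;` carries only the tracker tag, so crypto/fips.c itself does not say that this is a boot default which `fips=0` still overrides, or that the restriction to FIPS kernels rests on the file being built only under CONFIG_CRYPTO_FIPS=y (stated in the commit message, not visible in the hunk). I would write it as `/* LP: #2049082 UBUNTU: SAUCE: default to FIPS mode in CONFIG_CRYPTO_FIPS=y builds; fips=0 on the command line still disables it */`. Since the value is now set by the initializer rather than by the `fips=` handler, which lies outside this hunk, anything that handler logs is presumably absent on a default boot, and tooling that looks for `fips=1` in the command line would misreport the mode. Audit and compliance checks should read the runtime state, for example the `crypto.fips_enabled` sysctl, instead.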