Greetings, We have a need for a FIPS140-2 compliant FreeBSD kernel plus keymanager. Has anyone done this before? My (na=EFve?) approach is to replace the crypto-dev driver with an openssl = fipscanister based crypto driver, use a second application layer openssl fi= pscanister for the key manager crypto and remove all non-fips crypto from t= he kernel. Unsure if FIPs allows two copies of fipscanister. Design is always easier when one is ignorant. regards THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MA= TERIAL and is thus for use only by the intended recipient. If you received = this in error, please contact the sender and delete the e-mail and its atta= chments from all computers. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"