path: root/qemu-options.hx
diff options
authorPaul Moore <pmoore@redhat.com>2012-08-03 14:39:21 -0400
committerAnthony Liguori <aliguori@us.ibm.com>2012-08-03 14:28:40 -0500
commit0f66998ff6d5d2133b9b08471a44e13b11119e50 (patch)
tree498ceec7d881257c2564998762cd635014c51e8d /qemu-options.hx
parent2ad728bd4bf26d8144190ca87d5d36d5f33cfae9 (diff)
vnc: disable VNC password authentication (security type 2) when in FIPS mode
FIPS 140-2 requires disabling certain ciphers, including DES, which is used by VNC to obscure passwords when they are sent over the network. The solution for FIPS users is to disable the use of VNC password auth when the host system is operating in FIPS compliance mode and the user has specified '-enable-fips' on the QEMU command line. This patch causes QEMU to emit a message to stderr when the host system is running in FIPS mode and a VNC password was specified on the commend line. If the system is not running in FIPS mode, or is running in FIPS mode but VNC password authentication was not requested, QEMU operates normally. Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'qemu-options.hx')
1 files changed, 11 insertions, 0 deletions
diff --git a/qemu-options.hx b/qemu-options.hx
index 9277414782..5e7d0dc035 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2787,6 +2787,17 @@ DEF("qtest-log", HAS_ARG, QEMU_OPTION_qtest_log,
"-qtest-log LOG specify tracing options\n",
+#ifdef __linux__
+DEF("enable-fips", 0, QEMU_OPTION_enablefips,
+ "-enable-fips enable FIPS 140-2 compliance\n",
+@item -enable-fips
+@findex -enable-fips
+Enable FIPS 140-2 compliance mode.
HXCOMM This is the last statement. Insert new options before this line!
@end table