Thread (4 messages) 4 messages, 2 authors, 2021-03-30

Re: [PATCH] Documentation: crypto: add info about "fips=" boot option

From: Herbert Xu <herbert@gondor.apana.org.au>
Date: 2021-03-30 05:03:14
Also in: linux-crypto, lkml 

On Mon, Mar 29, 2021 at 10:00:45PM -0700, Randy Dunlap wrote:
On 3/29/21 9:37 PM, Herbert Xu wrote:
quoted
On Mon, Mar 29, 2021 at 09:00:01PM -0700, Randy Dunlap wrote:
quoted
+			If fips_enabled = 1, some crypto tests are skipped.
I don't think any tests are skipped.  It does however disable
many algorithms by essentially failing them at the testing stage.
That statement was based on crypto/testmgr.c (in 4 places):

		if (fips_enabled && template[i].fips_skip)
			continue;
By skipping the test, the algorithm effectively fails the self-test
and therefore is disabled.

Cheers,
-- 
Email: Herbert Xu [off-list ref]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help