Re: [PATCH v24 11/12] LRNG - add SP800-90B compliant health tests

From: Stephan Müller
Date: Tue Nov 12 2019 - 19:38:05 EST


Am Dienstag, 12. November 2019, 20:58:32 CET schrieb Alexander E. Patrakov:

Hi Alexander,

> > +config LRNG_HEALTH_TESTS
> > + bool "Enable noise source online health tests"
> > + help
> > + The online health tests validate the noise source at
> > + runtime for fatal errors. These tests include SP800-90B
> > + compliant tests which are invoked if the system is booted
> > + with fips=1. In case of fatal errors during active
> > + SP800-90B tests, the issue is logged and the noise
> > + data is discarded. These tests are required for full
> > + compliance with SP800-90B.
>
> How have you tested that these tests work at runtime? Maybe add some
> code under a new CONFIG item that depends on CONFIG_BROKEN that
> deliberately botches the RNG and triggers failures?


I am unable to find sensible information about CONFIG_BROKEN in the recent
kernel tree.

Do you happen to have a pointer on how that option is to be used?

Thanks a lot

Ciao
Stephan