On Tuesday, 9 August 2016, 17:11:09 CEST, Tapas Sarangi wrote:

Hi Tapas, Herbert,

> Hi Stephan,
>
> Thanks. I have already tried that. ‘drbg’ module is loaded fine in a
> non-fips mode. Here are output from some commands.

There is something strange going on. I have to compile the DRBG statically. When booting the kernel with fips=1 (of course after changing the key size to 2k or 3k in certs/x509.genkey), the DRBG does not show up in /proc/crypto nor can I find testmgr entries about the DRBG. When I reboot the kernel without fips=1, all works as expected.

When I create a copy of the drbg.c code and have it compiled as a module to ensure it is signed, I can insmod it and the testmgr successfully tests it.

Note, with fips=1, my kernel crashes randomly somewhere in the elf loading code -- I guess it is because there is no stdrng.

> I see that at some point you had a patch to use CONFIG_CRYPTO_LRNG. I am
> not using that, could that be a problem?

Nope, this LRNG is something completely different -- it is my proposal to replace the current /dev/random and /dev/urandom implementation as documented in [1].

[1] http://www.chronox.de/lrng.html

Ciao
Stephan
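The /proc/crypto check described in the message above can be scripted; the following is an added example, not part of the original e-mail or of the kernel tree. The function names are hypothetical and both sample excerpts are constructed (field values such as the priority are illustrative).

```shell
#!/bin/sh
# Print "driver module selftest" for every stdrng provider in a
# /proc/crypto-format file (records are separated by blank lines).
list_stdrng() {
    awk -F' *: *' '
        function emit() {
            if (name == "stdrng") print driver, module, selftest
            name = driver = module = selftest = ""
        }
        /^[ \t]*$/       { emit(); next }
        $1 == "name"     { name = $2 }
        $1 == "driver"   { driver = $2 }
        $1 == "module"   { module = $2 }
        $1 == "selftest" { selftest = $2 }
        END              { emit() }
    ' "${1:-/proc/crypto}"
}

# Succeed only if a DRBG-backed stdrng is registered and passed its self-test.
drbg_available() {
    list_stdrng "$1" | awk '$1 ~ /^drbg_/ && $3 == "passed" { ok = 1 } END { exit !ok }'
}

# Constructed sample: excerpt shaped like /proc/crypto with the DRBG registered.
sample_with_drbg() {
    cat <<'EOF'
name         : stdrng
driver       : drbg_nopr_hmac_sha256
module       : kernel
priority     : 221
selftest     : passed
type         : rng

name         : sha256
driver       : sha256-generic
module       : kernel
selftest     : passed
type         : shash
EOF
}

# Constructed sample: the same excerpt with no stdrng entry at all.
sample_without_drbg() {
    cat <<'EOF'
name         : sha256
driver       : sha256-generic
module       : kernel
selftest     : passed
type         : shash
EOF
}
```

On a live system, `drbg_available` with no argument reads /proc/crypto directly; comparing its result with the value in /proc/sys/crypto/fips_enabled shows whether the DRBG is missing only when FIPS mode is on.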