Am Dienstag, 12. November 2019, 20:58:32 CET schrieb Alexander E. Patrakov: Hi Alexander, > > +config LRNG_HEALTH_TESTS > > + bool "Enable noise source online health tests" > > + help > > + The online health tests validate the noise source at > > + runtime for fatal errors. These tests include SP800-90B > > + compliant tests which are invoked if the system is booted > > + with fips=1. In case of fatal errors during active > > + SP800-90B tests, the issue is logged and the noise > > + data is discarded. These tests are required for full > > + compliance with SP800-90B. > > How have you tested that these tests work at runtime? Maybe add some > code under a new CONFIG item that depends on CONFIG_BROKEN that > deliberately botches the RNG and triggers failures? I am unable to find sensible information about CONFIG_BROKEN in the recent kernel tree. Do you happen to have a pointer on how that option is to be used? Thanks a lot Ciao Stephan
