> From: Eric Biggers <ebiggers@xxxxxxxxxx> > Sent: Monday, March 29, 2021 6:26 PM > ... > It looks like your userspace is using tcrypt.ko to request that the kernel test > "ofb(aes)", but your kernel doesn't have CONFIG_CRYPTO_OFB enabled so the > test fails as expected. Hi Eric, Thanks for the explanation! Yes, that's it! Sorry for the false alarm! Actually the kernel is faultless here. > Are you sure that anything changed on the kernel side > besides the kconfig you are using? It looks like this was always the behavior > when tcrypt.ko is used to test a non-existing algorithm. After I rebuilt the kernel with the 3 options: CONFIG_CRYPTO_OFB=y CONFIG_CRYPTO_DEV_PADLOCK_AES=y CONFIG_CRYPTO_ANSI_CPRNG=y and generated the .hmac file: sha512hmac /boot/vmlinuz-5.12.0-rc5+ > /boot/.vmlinuz-5.12.0-rc5+.hmac now the kernel boots up successfully with fips=1. :-) > Is your userspace code intentionally trying to test "ofb(aes)", or is it > accidental? > > - Eric I'm not sure. This is a CentOS 8.3 VM, and I use the default configuration. I have been trying to build & run a v5.12.0-rc5+ kernel with fips=1, and now this is working for me, thanks to your explanation. Thanks again! Thanks, -- Dexuan