Re: [v2 PATCH] crypto: api - Disallow sha1 in FIPS-mode while allowing hmac(sha1)

On Friday, 14 January 2022, 11:55:26 CET, Herbert Xu wrote:

Hi Herbert,

> 
> > This looks all good to me, but as !->fips_allowed tests aren't skipped
> > over anymore now, it would perhaps make sense to make their failure
> > non-fatal in FIPS mode. Because in FIPS mode a failure could mean a
> > panic and some of the existing TVs might not pass because of e.g. some
> > key length checks or so active only for fips_enabled...
> 
> You mean a buggy non-FIPS algorithm that fails when tested in
> FIPS mode?  I guess we could skip the panic in that case if
> everyone is happy with that.  Stephan?

As we consider FIPS 140-3, we can allow a "degraded mode of operation". A 
degraded mode of operation disables only the algorithm that caused the 
failure. With a failing self test and not having a panic(), the offending 
algorithm implementation will not be available to the kernel crypto API and 
thus to a user.

In this case, we can replace the panic with a graceful error.

If that change is applied, I would like to mention to anybody that wants to 
backport the change: this change is not appropriate for FIPS 140-2.

Ciao
Stephan
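The two failure policies contrasted above (fatal under FIPS 140-2, a degraded mode that only loses the failing implementation under FIPS 140-3), as an added user-space model that is not kernel code and not from any participant in this thread. The registry, the policy and result names, the `fips_allowed` flag on the toy entries and the two toy digests are all hypothetical; FNV-1a is not a FIPS algorithm and only plays the "approved" role here, and the known-answer message "abc" is a constructed test vector. A `halted` flag stands in for the kernel's panic() so the model can run in user space.

```c
/* Added illustration for this thread, not kernel code: a user-space model of the
 * self-test failure policies discussed above. Registry, policy names and the two
 * toy digests are hypothetical; the known-answer message "abc" is constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ALGS 8
enum fips_policy { FIPS_OFF = 0, FIPS_140_2 = 2, FIPS_140_3 = 3 };
enum reg_result { REG_OK = 0, REG_DISABLED = 1, REG_FATAL = 2 };

struct toy_alg {
    const char *alg_name;    /* what a user asks for, e.g. "fnv1a" */
    const char *driver_name; /* which implementation provides it */
    int fips_allowed;        /* modelling flag only; FNV-1a is not a FIPS algorithm */
    uint32_t (*digest)(const uint8_t *msg, size_t len);
    uint32_t kat_expected;   /* expected digest of KAT_MSG */
    int tested, disabled;    /* tested: KAT passed; disabled: KAT failed */
};

struct registry {
    enum fips_policy policy;
    int halted;              /* stands in for panic(): nothing is usable any more */
    struct toy_alg *algs[MAX_ALGS];
    size_t count;
};

static const uint8_t KAT_MSG[] = { 'a', 'b', 'c' };

/* FNV-1a 32-bit, correct; plays the approved algorithm. */
static uint32_t fnv1a_generic(const uint8_t *msg, size_t len)
{
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < len; i++) {
        h ^= msg[i];
        h *= 0x01000193u;
    }
    return h;
}

/* Adler-32 with a deliberate bug (a must start at 1); plays the non-FIPS
 * algorithm whose self-test fails once it is no longer skipped in FIPS mode. */
static uint32_t adler32_buggy(const uint8_t *msg, size_t len)
{
    uint32_t a = 0, b = 0;
    for (size_t i = 0; i < len; i++) {
        a = (a + msg[i]) % 65521u;
        b = (b + a) % 65521u;
    }
    return (b << 16) | a;
}

/* Register an implementation: run its known-answer test, then apply the policy. */
static enum reg_result register_alg(struct registry *r, struct toy_alg *alg)
{
    if (r->halted || r->count >= MAX_ALGS)
        return REG_FATAL;
    r->algs[r->count++] = alg;
    if (alg->digest(KAT_MSG, sizeof KAT_MSG) == alg->kat_expected) {
        alg->tested = 1;
        return REG_OK;
    }
    printf("alg: self-test for %s (%s) failed\n", alg->alg_name, alg->driver_name);
    alg->disabled = 1;
    if (r->policy == FIPS_140_2) {
        r->halted = 1;       /* 140-2 reading: the whole module goes down */
        return REG_FATAL;
    }
    return REG_DISABLED;     /* 140-3 degraded mode: only this implementation is lost */
}

/* Find a usable implementation: tested, not disabled, allowed under the policy. */
static struct toy_alg *lookup_alg(const struct registry *r, const char *name)
{
    if (r->halted)
        return NULL;
    for (size_t i = 0; i < r->count; i++) {
        struct toy_alg *a = r->algs[i];
        if (strcmp(a->alg_name, name) != 0 || !a->tested || a->disabled)
            continue;
        if (r->policy != FIPS_OFF && !a->fips_allowed)
            continue;
        return a;
    }
    return NULL;
}

/* Register both toy digests under one policy; report how the failing one was
 * handled and whether the approved one is still reachable afterwards. */
static int run_scenario(enum fips_policy policy, enum reg_result *adler_result)
{
    struct toy_alg fnv = { "fnv1a", "fnv1a-generic", 1, fnv1a_generic, 0x1a47e90bu, 0, 0 };
    struct toy_alg adl = { "adler32", "adler32-buggy", 0, adler32_buggy, 0x024d0127u, 0, 0 };
    struct registry r = { .policy = policy };

    register_alg(&r, &fnv);
    *adler_result = register_alg(&r, &adl);
    return lookup_alg(&r, "fnv1a") != NULL;
}
```

Running `run_scenario()` with `FIPS_140_2` shows the problem the thread raises: the buggy non-FIPS implementation fails its test, the whole registry halts, and the approved algorithm becomes unreachable too. With `FIPS_140_3` the same failure only marks `adler32-buggy` disabled and `fnv1a` stays usable, which is the degraded mode of operation described above. The `fips_allowed` field is a modelling assumption standing in for the per-vector flag the thread discusses; it is checked in the lookup, so a non-FIPS algorithm is unavailable under either FIPS policy regardless of its test result.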