On Tue, Aug 16, 2022 at 07:09:44AM +0200, Stephan Mueller wrote: > > The tcrypt code has only one purpose for FIPS: to allocate all crypto > algorithms at boot time and thus to trigger the self test during boot time. > That was a requirement until some time ago. These requirements were relaxed a > bit such that a self test before first use is permitted, i.e. the approach we > have in testmgr.c. > > Therefore, presently we do not need this boot-time allocation of an algorithm > via tcrypt which means that from a FIPS perspective tcrypt is no longer > required. Hi Stephan, Eric: That makes sense. So the tcrypt code also has the side-effect of instantiating all the algorithms which testmgr does not do. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
