On Mon, Apr 19, 2021 at 04:16:13AM +0000, Mothershead, Hailey wrote:
> Hello,
>
> The patch quoted below causes the kernel to panic when fips is enabled with:
>
> alg: ecdh: test failed on vector 2, err=-14
> Kernel panic - not syncing: alg: self-tests for ecdh-generic (ecdh)
> failed in fips mode!
>
> This test fails because jitterentropy hasn’t been initialized yet. The
> assumption that the patch makes, that jitter is not used by the crypto
> self-tests, does not hold with fips enabled.
>
> With the patch reverted, i.e. with jitter initialized with module_init, the
> kernel is able to boot. How can this best be handled to allow the kernel to
> boot with fips enabled without running into issues with certain clocksources?
>
> Best,
> Hailey

I'd recommend looking into why the self-tests would be calling into
jitterentropy in the first place. That shouldn't be necessary; it doesn't make
sense for known-answer tests to be consuming random numbers.

- Eric