On Wed, Feb 06, 2013 at 06:45:45PM +0100, Stephan Mueller wrote: > Unfortunately there has already something terrible happened: an > additional piece of code loaded into the FIPS 140-2 module could not be > loaded because a self test failed. This is a terrible accident in FIPS > 140-2 speak. :-) > > That means, the FIPS 140-2 module, aka kernel crypto API must become > unavailable. As one self test failed, the entire module must become > unavailable. > > I am sorry, but there is no way around it. Just to quote the relevant > part from the FIPS 140-2 specification, section 4.9: > > If a cryptographic module fails a self-test, the module shall enter an > error state and output an error indicator > via the status output interface. The cryptographic module shall not > perform any cryptographic operations > while in an error state. All data output via the data output interface > shall be inhibited when an error state > exists. >
OK. If Herbert and Rusty are ok with this, I'll send an additional patch moving the panic which should satisfy this requirement. > > ==> the signature test we are discussing here is one of these self > tests, in particular a conditional self test defined in section 4.9.2 of > the FIPS 140-2 standard. > > > necessary, I just didn't think it was. If Herbert doesn't object to this > > patch, I'd move the panic from kernel/module.c to here. > > I am perfectly happy with the move of the code. > regards, Kyle -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
