From: Eric Biggers <ebiggers@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Diederik de Haas <didi.debian@cknow.org>,
Ingo Franzki <ifranzki@linux.ibm.com>
Subject: Re: [PATCH] crypto: testmgr - reinstate kconfig support for fast tests only
Date: Wed, 11 Jun 2025 23:09:31 -0700 [thread overview]
Message-ID: <20250612060931.GA200686@sol> (raw)
In-Reply-To: <aEpryXbiFJ5mmsvj@gondor.apana.org.au>
On Thu, Jun 12, 2025 at 01:55:21PM +0800, Herbert Xu wrote:
> On Wed, Jun 11, 2025 at 10:55:25AM -0700, Eric Biggers wrote:
> >
> > diff --git a/crypto/Kconfig b/crypto/Kconfig
> > index e9fee7818e270..8612ebf655647 100644
> > --- a/crypto/Kconfig
> > +++ b/crypto/Kconfig
> > @@ -174,20 +174,30 @@ config CRYPTO_USER
> > Userspace configuration for cryptographic instantiations such as
> > cbc(aes).
> >
> > config CRYPTO_SELFTESTS
> > bool "Enable cryptographic self-tests"
> > - depends on DEBUG_KERNEL
>
> Please restore the dependency on EXPERT. I do not want random
> users exposed to this toggle.
It used to be:
config CRYPTO_MANAGER_DISABLE_TESTS
bool "Disable run-time self tests"
default y
help
Disable run-time self tests that normally take place at
algorithm registration.
So the CONFIG_EXPERT dependency for the prompt would be new. Are you sure?
> > +config CRYPTO_SELFTESTS_FULL
> > + bool "Enable the full set of cryptographic self-tests"
> > + depends on CRYPTO_SELFTESTS
> > + default y
> > + help
> > + Enable the full set of cryptographic self-tests for each algorithm.
> > +
> > + For development and pre-release testing, leave this as 'y'.
> > +
> > + If you're keeping the crypto self-tests enabled in a production
> > + kernel, you likely want to set this to 'n' to speed up the boot. This
> > + will cause the "slow" tests to be skipped. This may suffice for a
> > + quick sanity check of drivers and for FIPS 140-3 pre-operational self-
> > + testing, but some issues can be found only by the full set of tests.
>
> Please remove the "default y".
If you insist. I hoped to get the people working on drivers to actually run the
tests that they are supposed to. The default y is appropriate for anyone
actually doing development and/or testing, which is what the tests are supposed
to be for.
But I guess that doesn't really happen, and distros are expected to run the
reduced set of tests in production because upstream doesn't test the drivers.
And they will want n here.
- Eric
next prev parent reply other threads:[~2025-06-12 6:09 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-11 17:55 [PATCH] crypto: testmgr - reinstate kconfig support for fast tests only Eric Biggers
2025-06-11 18:53 ` Diederik de Haas
2025-06-11 19:04 ` Eric Biggers
2025-06-11 19:47 ` Diederik de Haas
2025-06-11 20:14 ` Eric Biggers
2025-06-12 5:55 ` Herbert Xu
2025-06-12 6:09 ` Eric Biggers [this message]
2025-06-12 9:03 ` Herbert Xu
2025-06-12 17:20 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250612060931.GA200686@sol \
--to=ebiggers@kernel.org \
--cc=didi.debian@cknow.org \
--cc=herbert@gondor.apana.org.au \
--cc=ifranzki@linux.ibm.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.