Re: [PATCH v3 3/7] crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS

Re: [PATCH v3 3/7] crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS

[Diederik de Haas]

[-- Attachment #1: Type: text/plain, Size: 14321 bytes --]

Hi Eric,

On Mon May 5, 2025 at 10:33 PM CEST, Eric Biggers wrote:
> The negative-sense of CRYPTO_MANAGER_DISABLE_TESTS is a longstanding
> mistake that regularly causes confusion.  Especially bad is that you can
> have CRYPTO=n && CRYPTO_MANAGER_DISABLE_TESTS=n, which is ambiguous.
>
> Replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS which has the
> expected behavior.
>
> The tests continue to be disabled by default.
> ---
>  <snip>
> diff --git a/crypto/Kconfig b/crypto/Kconfig
> index da352f1984ea..8f1353bbba18 100644
> --- a/crypto/Kconfig
> +++ b/crypto/Kconfig
>  <snip>
> @@ -171,20 +171,26 @@ config CRYPTO_USER
>  	select CRYPTO_MANAGER
>  	help
>  	  Userspace configuration for cryptographic instantiations such as
>  	  cbc(aes).
>  
> -config CRYPTO_MANAGER_DISABLE_TESTS
> -	bool "Disable run-time self tests"
> -	default y
> +config CRYPTO_SELFTESTS
> +	bool "Enable cryptographic self-tests"
> +	depends on DEBUG_KERNEL
>  	help
> -	  Disable run-time self tests that normally take place at
> -	  algorithm registration.
> +	  Enable the cryptographic self-tests.
> +
> +	  The cryptographic self-tests run at boot time, or at algorithm
> +	  registration time if algorithms are dynamically loaded later.
> +
> +	  This is primarily intended for developer use.  It should not be
> +	  enabled in production kernels, unless you are trying to use these
> +	  tests to fulfill a FIPS testing requirement.

I built a 6.16-rc1 kernel [1] and its config is based upon Debian's and
that has enabled CRYPTO_SELFTESTS [2] (due to Debian bug 599441 [3]).

I then installed it on 3 Rockchip based devices and booted into that.
1. Radxa Rock 5B (rk3588)
2. PINE64 Quartz64 Model B (rk3568)
3. PINE64 RockPro64 (rk3399)

The full dmesg output for level 0-4 can be found at [4], [5] and [6]

The filtered dmesg output for Rock 5B:
ERROR:
[    0.709822] basic hdkf test(hmac(sha256)): failed to allocate transform: -2
WARNING:
[    0.710686] alg: full crypto tests enabled.  This is intended for developer use only.
[    8.877288] alg: skcipher: skipping comparison tests for xctr-aes-ce because xctr(aes-generic) is unavailable

The filtered dmesg output for Quartz64-B:
ERROR:
[    1.479206] basic hdkf test(hmac(sha256)): failed to allocate transform: -2
WARNING:
[    1.480685] alg: full crypto tests enabled.  This is intended for developer use only.
[   18.176195] alg: skcipher: skipping comparison tests for xctr-aes-ce because xctr(aes-generic) is unavailable

For both of these, 1 warning is to be expected (developer use only).
But I do wonder about the error and the other warning. Is that a
problem? And if so, is that on the crypto or the Rockchip side?

But the filtered dmesg output on RockPro64 seems way more serious:
ERROR:
[    1.232672] basic hdkf test(hmac(sha256)): failed to allocate transform: -2
[   14.172991] alg: ahash: rk-sha1 export() overran state buffer on test vector 0, cfg="import/export"
[   14.202291] alg: ahash: rk-sha256 export() overran state buffer on test vector 0, cfg="import/export"
[   14.230887] alg: ahash: rk-md5 export() overran state buffer on test vector 0, cfg="import/export"
WARNING:
[    1.234017] alg: full crypto tests enabled.  This is intended for developer use only.
[   14.173876] alg: self-tests for sha1 using rk-sha1 failed (rc=-75)
[   14.173883] ------------[ cut here ]------------
[   14.174845] alg: self-tests for sha1 using rk-sha1 failed (rc=-75)
[   14.174886] WARNING: CPU: 4 PID: 669 at crypto/testmgr.c:5807 alg_test+0x6ec/0x708
[   14.176112] Modules linked in: snd_soc_simple_card_utils snd_soc_spdif_tx snd_soc_rockchip_i2s des_generic gpio_ir_recv snd_soc_core v4l2_h264(+) rockchip_rga videobuf2_dma_contig ecdh_generic videobuf2_dma_sg leds_gpio v4l2_mem2mem panfrost rfkill pwm_fan snd_compress dw_hdmi_i2s_audio pwrseq_core gpu_sched rk_crypto(+) snd_pcm_dmaengine videobuf2_memops drm_shmem_helper dw_hdmi_cec videobuf2_v4l2 crypto_engine libdes snd_pcm videodev snd_timer ofpart snd coresight_cpu_debug soundcore videobuf2_common spi_nor rockchip_saradc mc mtd industrialio_triggered_buffer coresight_etm4x rockchip_thermal kfifo_buf industrialio coresight cpufreq_dt evdev binfmt_misc pkcs8_key_parser efi_pstore configfs nfnetlink ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 realtek phy_rockchip_samsung_hdptx phy_rockchip_naneng_combphy panel_boe_th101mb31ig002_28a xhci_plat_hcd xhci_hcd rockchipdrm dw_hdmi_qp dw_hdmi dwc3 cec rc_core dw_mipi_dsi udc_core rk808_regulator dwmac_rk stmmac_platform ulpi analogix_dp stmmac fusb302 tcpm
[   14.176292]  drm_dp_aux_bus pcs_xpcs fan53555 typec drm_display_helper phylink mdio_devres drm_client_lib dwc3_of_simple pwm_regulator gpio_rockchip gpio_keys fixed phy_rockchip_pcie of_mdio ehci_platform sdhci_of_arasan ohci_platform drm_dma_helper fixed_phy phy_rockchip_inno_usb2 ohci_hcd sdhci_pltfm ehci_hcd fwnode_mdio dw_wdt drm_kms_helper phy_rockchip_emmc rockchip_dfi io_domain pwm_rockchip libphy phy_rockchip_typec sdhci nvmem_rockchip_efuse usbcore pl330 dw_mmc_rockchip drm spi_rockchip dw_mmc_pltfm mdio_bus cqhci dw_mmc usb_common i2c_rk3x
[   14.188362] CPU: 4 UID: 0 PID: 669 Comm: cryptomgr_test Not tainted 6.16-rc1+unreleased-arm64-cknow #1 PREEMPTLAZY  Debian 6.16~rc1-1~exp1
[   14.189451] Hardware name: Pine64 RockPro64 v2.1 (DT)
[   14.189897] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   14.190510] pc : alg_test+0x6ec/0x708
[   14.190844] lr : alg_test+0x6ec/0x708
[   14.191170] sp : ffff800081df3d30
[   14.191463] x29: ffff800081df3dd0 x28: 00000000000000bd x27: 00000000ffffffb5
[   14.192094] x26: 00000000000000bf x25: ffffd9bef0455000 x24: 0000000000000178
[   14.192725] x23: 00000000ffffffff x22: ffff000008799880 x21: 000000000800018f
[   14.193355] x20: ffff000008799800 x19: ffffd9beef0558b8 x18: 0000000000000018
[   14.193985] x17: 0000000000006fd8 x16: ffffd9beeef9e128 x15: 0000000000000000
[   14.194616] x14: 0f4bc94cbbc50b90 x13: 0000000000000325 x12: 000000000f4bc94c
[   14.195247] x11: ffffd9beeffffff8 x10: 0000000000000d30 x9 : ffffd9beee116028
[   14.195877] x8 : ffff000007518d90 x7 : 0000000000000004 x6 : 0000000000000000
[   14.196506] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000010
[   14.197137] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007518000
[   14.197767] Call trace:
[   14.197986]  alg_test+0x6ec/0x708 (P)
[   14.198315]  cryptomgr_test+0x2c/0x58
[   14.198642]  kthread+0x150/0x250
[   14.198932]  ret_from_fork+0x10/0x20
[   14.199251] ---[ end trace 0000000000000000 ]---
[   14.203118] alg: self-tests for sha256 using rk-sha256 failed (rc=-75)
[   14.203122] ------------[ cut here ]------------
[   14.204104] alg: self-tests for sha256 using rk-sha256 failed (rc=-75)
[   14.204133] WARNING: CPU: 4 PID: 672 at crypto/testmgr.c:5807 alg_test+0x6ec/0x708
[   14.205381] Modules linked in: snd_soc_simple_card_utils snd_soc_spdif_tx snd_soc_rockchip_i2s des_generic gpio_ir_recv snd_soc_core v4l2_h264 rockchip_rga videobuf2_dma_contig ecdh_generic videobuf2_dma_sg leds_gpio v4l2_mem2mem panfrost rfkill pwm_fan snd_compress dw_hdmi_i2s_audio pwrseq_core gpu_sched rk_crypto(+) snd_pcm_dmaengine videobuf2_memops drm_shmem_helper dw_hdmi_cec videobuf2_v4l2 crypto_engine libdes snd_pcm videodev snd_timer ofpart snd coresight_cpu_debug soundcore videobuf2_common spi_nor rockchip_saradc mc mtd industrialio_triggered_buffer coresight_etm4x rockchip_thermal kfifo_buf industrialio coresight cpufreq_dt evdev binfmt_misc pkcs8_key_parser efi_pstore configfs nfnetlink ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 realtek phy_rockchip_samsung_hdptx phy_rockchip_naneng_combphy panel_boe_th101mb31ig002_28a xhci_plat_hcd xhci_hcd rockchipdrm dw_hdmi_qp dw_hdmi dwc3 cec rc_core dw_mipi_dsi udc_core rk808_regulator dwmac_rk stmmac_platform ulpi analogix_dp stmmac fusb302 tcpm
[   14.205591]  drm_dp_aux_bus pcs_xpcs fan53555 typec drm_display_helper phylink mdio_devres drm_client_lib dwc3_of_simple pwm_regulator gpio_rockchip gpio_keys fixed phy_rockchip_pcie of_mdio ehci_platform sdhci_of_arasan ohci_platform drm_dma_helper fixed_phy phy_rockchip_inno_usb2 ohci_hcd sdhci_pltfm ehci_hcd fwnode_mdio dw_wdt drm_kms_helper phy_rockchip_emmc rockchip_dfi io_domain pwm_rockchip libphy phy_rockchip_typec sdhci nvmem_rockchip_efuse usbcore pl330 dw_mmc_rockchip drm spi_rockchip dw_mmc_pltfm mdio_bus cqhci dw_mmc usb_common i2c_rk3x
[   14.217640] CPU: 4 UID: 0 PID: 672 Comm: cryptomgr_test Tainted: G        W           6.16-rc1+unreleased-arm64-cknow #1 PREEMPTLAZY  Debian 6.16~rc1-1~exp1
[   14.218866] Tainted: [W]=WARN
[   14.219130] Hardware name: Pine64 RockPro64 v2.1 (DT)
[   14.219576] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   14.220188] pc : alg_test+0x6ec/0x708
[   14.220521] lr : alg_test+0x6ec/0x708
[   14.220847] sp : ffff800081e03d30
[   14.221140] x29: ffff800081e03dd0 x28: 00000000000000bd x27: 00000000ffffffb5
[   14.221771] x26: 00000000000000c1 x25: ffffd9bef0455000 x24: 0000000000000178
[   14.222402] x23: 00000000ffffffff x22: ffff00000b49c880 x21: 000000000800018f
[   14.223033] x20: ffff00000b49c800 x19: ffffd9beef0558b8 x18: 00000000fffffffe
[   14.223663] x17: 7463657620747365 x16: ffffd9beee6829e8 x15: ffffd9bef03eb09f
[   14.224294] x14: 0000000000000000 x13: ffffd9bef03eb0a3 x12: ffffd9bef0085e60
[   14.224923] x11: ffffd9bef002deb8 x10: ffffd9bef0085eb8 x9 : ffffd9beee17c8cc
[   14.225553] x8 : 0000000000000001 x7 : 0000000000017fe8 x6 : c0000000ffffefff
[   14.226183] x5 : ffff0000f7766448 x4 : 0000000000000000 x3 : 0000000000000027
[   14.226812] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00000751bb40
[   14.227443] Call trace:
[   14.227662]  alg_test+0x6ec/0x708 (P)
[   14.227991]  cryptomgr_test+0x2c/0x58
[   14.228319]  kthread+0x150/0x250
[   14.228611]  ret_from_fork+0x10/0x20
[   14.228929] ---[ end trace 0000000000000000 ]---
[   14.231753] alg: self-tests for md5 using rk-md5 failed (rc=-75)
[   14.231758] ------------[ cut here ]------------
[   14.232696] alg: self-tests for md5 using rk-md5 failed (rc=-75)
[   14.232742] WARNING: CPU: 4 PID: 674 at crypto/testmgr.c:5807 alg_test+0x6ec/0x708
[   14.233943] Modules linked in: v4l2_vp9 snd_soc_audio_graph_card snd_soc_simple_card_utils snd_soc_spdif_tx snd_soc_rockchip_i2s des_generic gpio_ir_recv snd_soc_core v4l2_h264 rockchip_rga videobuf2_dma_contig ecdh_generic videobuf2_dma_sg leds_gpio v4l2_mem2mem panfrost rfkill pwm_fan snd_compress dw_hdmi_i2s_audio pwrseq_core gpu_sched rk_crypto(+) snd_pcm_dmaengine videobuf2_memops drm_shmem_helper dw_hdmi_cec videobuf2_v4l2 crypto_engine libdes snd_pcm videodev snd_timer ofpart snd coresight_cpu_debug soundcore videobuf2_common spi_nor rockchip_saradc mc mtd industrialio_triggered_buffer coresight_etm4x rockchip_thermal kfifo_buf industrialio coresight cpufreq_dt evdev binfmt_misc pkcs8_key_parser efi_pstore configfs nfnetlink ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 realtek phy_rockchip_samsung_hdptx phy_rockchip_naneng_combphy panel_boe_th101mb31ig002_28a xhci_plat_hcd xhci_hcd rockchipdrm dw_hdmi_qp dw_hdmi dwc3 cec rc_core dw_mipi_dsi udc_core rk808_regulator dwmac_rk stmmac_platform ulpi
[   14.234122]  analogix_dp stmmac fusb302 tcpm drm_dp_aux_bus pcs_xpcs fan53555 typec drm_display_helper phylink mdio_devres drm_client_lib dwc3_of_simple pwm_regulator gpio_rockchip gpio_keys fixed phy_rockchip_pcie of_mdio ehci_platform sdhci_of_arasan ohci_platform drm_dma_helper fixed_phy phy_rockchip_inno_usb2 ohci_hcd sdhci_pltfm ehci_hcd fwnode_mdio dw_wdt drm_kms_helper phy_rockchip_emmc rockchip_dfi io_domain pwm_rockchip libphy phy_rockchip_typec sdhci nvmem_rockchip_efuse usbcore pl330 dw_mmc_rockchip drm spi_rockchip dw_mmc_pltfm mdio_bus cqhci dw_mmc usb_common i2c_rk3x
[   14.246439] CPU: 4 UID: 0 PID: 674 Comm: cryptomgr_test Tainted: G        W           6.16-rc1+unreleased-arm64-cknow #1 PREEMPTLAZY  Debian 6.16~rc1-1~exp1
[   14.247667] Tainted: [W]=WARN
[   14.247931] Hardware name: Pine64 RockPro64 v2.1 (DT)
[   14.248377] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[   14.248991] pc : alg_test+0x6ec/0x708
[   14.249332] lr : alg_test+0x6ec/0x708
[   14.249664] sp : ffff800081e0bd30
[   14.249957] x29: ffff800081e0bdd0 x28: 00000000000000bd x27: 00000000ffffffb5
[   14.250588] x26: 00000000000000a4 x25: ffffd9bef0455000 x24: 0000000000000178
[   14.251220] x23: 00000000ffffffff x22: ffff00000b49c280 x21: 000000000800018f
[   14.251852] x20: ffff00000b49c200 x19: ffffd9beef0558b8 x18: 0000000000000018
[   14.252484] x17: 0000000000007050 x16: ffffd9beeef9e128 x15: 0000000000000000
[   14.253114] x14: 0a8fc7a77222d736 x13: 00000000000003da x12: 000000000a8fc7a7
[   14.253747] x11: ffffd9beeffffff8 x10: 0000000000000d30 x9 : ffffd9beee116028
[   14.254377] x8 : ffff00000b6d3510 x7 : 0000000000000004 x6 : 0000000000000000
[   14.255008] x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000010
[   14.255637] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00000b6d2780
[   14.256268] Call trace:
[   14.256498]  alg_test+0x6ec/0x708 (P)
[   14.256835]  cryptomgr_test+0x2c/0x58
[   14.257164]  kthread+0x150/0x250
[   14.257455]  ret_from_fork+0x10/0x20
[   14.257774] ---[ end trace 0000000000000000 ]---
[   14.828425] alg: skcipher: skipping comparison tests for xctr-aes-ce because xctr(aes-generic) is unavailable

I'm assuming this is problematic and hopefully you can tell whether this
is on the crypto or Rockchip side as well. In case of the latter, if
you'd have pointers as to where the problem is/may be, that would be
appreciated.

[1] https://salsa.debian.org/diederik/linux/-/tree/cknow/general
[2] https://salsa.debian.org/kernel-team/linux/-/commit/6991dd77f350
6991dd77f350 ("crypto: Explicitly enable algorithm self-tests (Closes: #599441)")
[3] https://bugs.debian.org/599441
[4] https://paste.sr.ht/~diederik/c18ad65427080d4c48e8bd2ac27282682069aff1
[5] https://paste.sr.ht/~diederik/8fde0c2c1d005a15bb8a3b6d7ba8ae3298733250
[6] https://paste.sr.ht/~diederik/cdcb6c4522fa782f9a692b7ea0cf33c2301e2176

Cheers,
  Diederik

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

Re: [PATCH v3 3/7] crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS

[Eric Biggers]

On Wed, Jun 11, 2025 at 01:41:06PM +0200, Diederik de Haas wrote:
> Hi Eric,
> 
> On Mon May 5, 2025 at 10:33 PM CEST, Eric Biggers wrote:
> > The negative-sense of CRYPTO_MANAGER_DISABLE_TESTS is a longstanding
> > mistake that regularly causes confusion.  Especially bad is that you can
> > have CRYPTO=n && CRYPTO_MANAGER_DISABLE_TESTS=n, which is ambiguous.
> >
> > Replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS which has the
> > expected behavior.
> >
> > The tests continue to be disabled by default.
> > ---
> >  <snip>
> > diff --git a/crypto/Kconfig b/crypto/Kconfig
> > index da352f1984ea..8f1353bbba18 100644
> > --- a/crypto/Kconfig
> > +++ b/crypto/Kconfig
> >  <snip>
> > @@ -171,20 +171,26 @@ config CRYPTO_USER
> >  	select CRYPTO_MANAGER
> >  	help
> >  	  Userspace configuration for cryptographic instantiations such as
> >  	  cbc(aes).
> >  
> > -config CRYPTO_MANAGER_DISABLE_TESTS
> > -	bool "Disable run-time self tests"
> > -	default y
> > +config CRYPTO_SELFTESTS
> > +	bool "Enable cryptographic self-tests"
> > +	depends on DEBUG_KERNEL
> >  	help
> > -	  Disable run-time self tests that normally take place at
> > -	  algorithm registration.
> > +	  Enable the cryptographic self-tests.
> > +
> > +	  The cryptographic self-tests run at boot time, or at algorithm
> > +	  registration time if algorithms are dynamically loaded later.
> > +
> > +	  This is primarily intended for developer use.  It should not be
> > +	  enabled in production kernels, unless you are trying to use these
> > +	  tests to fulfill a FIPS testing requirement.
> 
> I built a 6.16-rc1 kernel [1] and its config is based upon Debian's and
> that has enabled CRYPTO_SELFTESTS [2] (due to Debian bug 599441 [3]).
> 
> I then installed it on 3 Rockchip based devices and booted into that.
> 1. Radxa Rock 5B (rk3588)
> 2. PINE64 Quartz64 Model B (rk3568)
> 3. PINE64 RockPro64 (rk3399)
> 
> The full dmesg output for level 0-4 can be found at [4], [5] and [6]
> 
> The filtered dmesg output for Rock 5B:
> ERROR:
> [    0.709822] basic hdkf test(hmac(sha256)): failed to allocate transform: -2
> WARNING:

https://lore.kernel.org/r/20250610191600.54994-1-ebiggers@kernel.org/ fixed the
HKDF failure.  It was caused by a patch that changed initcall levels.

> [    8.877288] alg: skcipher: skipping comparison tests for xctr-aes-ce because xctr(aes-generic) is unavailable

That's expected if you have CONFIG_CRYPTO_AES_ARM64_CE_BLK enabled but
CONFIG_CRYPTO_XCTR disabled.  Some tests are skipped in that case.

> [   14.172991] alg: ahash: rk-sha1 export() overran state buffer on test vector 0, cfg="import/export"
> [   14.202291] alg: ahash: rk-sha256 export() overran state buffer on test vector 0, cfg="import/export"
> [   14.230887] alg: ahash: rk-md5 export() overran state buffer on test vector 0, cfg="import/export"

That means the Rockchip crypto driver is broken.

It may have been broken for a long time.  Hardly anyone ever tests the hardware
crypto drivers, as they only work on very specific platforms and are often
useless anyway.  The software crypto is much better tested and often faster.

I don't think broken drivers like these should even be in the kernel at all.

For now, you should just disable CONFIG_CRYPTO_DEV_ROCKCHIP.

Anyway, the more interesting part of your email is that you pointed out that
Debian has the crypto self-tests enabled, precisely in order to automatically
disable buggy drivers like these.

And actually Fedora does this too.

This seems kind of crazy.  But unfortunately, the crypto/ philosophy seems to be
to enable as many untested and buggy drivers as possible, then rely on them
being (incompletely) self-tested in production.  So, aparently this is a thing.

But of course the distros won't want to enable the full set of tests, which
would slow down boot times significantly, but rather only the "fast" ones (as
they were doing before)...

So I'll send a patch that adds back a kconfig knob to run the fast tests only,
which I had removed in commit 698de822780f.

- Eric

Re: [PATCH v3 3/7] crypto: testmgr - replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS

[Diederik de Haas]

[-- Attachment #1: Type: text/plain, Size: 2811 bytes --]

On Wed Jun 11, 2025 at 6:34 PM CEST, Eric Biggers wrote:
> On Wed, Jun 11, 2025 at 01:41:06PM +0200, Diederik de Haas wrote:
>> On Mon May 5, 2025 at 10:33 PM CEST, Eric Biggers wrote:
>> > The negative-sense of CRYPTO_MANAGER_DISABLE_TESTS is a longstanding
>> > mistake that regularly causes confusion.  Especially bad is that you can
>> > have CRYPTO=n && CRYPTO_MANAGER_DISABLE_TESTS=n, which is ambiguous.
>> >
>> > Replace CRYPTO_MANAGER_DISABLE_TESTS with CRYPTO_SELFTESTS which has the
>> > expected behavior.
>> >
>> > The tests continue to be disabled by default.
>> > ---
>> >  <snip>
>> 
>> I built a 6.16-rc1 kernel [1] and its config is based upon Debian's and
>> that has enabled CRYPTO_SELFTESTS [2] (due to Debian bug 599441 [3]).
>> 
>> I then installed it on 3 Rockchip based devices and booted into that.
>> 1. Radxa Rock 5B (rk3588)
>> 2. PINE64 Quartz64 Model B (rk3568)
>> 3. PINE64 RockPro64 (rk3399)
>> 
>> The filtered dmesg output for Rock 5B:
>> ERROR:
>> [    0.709822] basic hdkf test(hmac(sha256)): failed to allocate transform: -2
>> WARNING:
>
> https://lore.kernel.org/r/20250610191600.54994-1-ebiggers@kernel.org/ fixed the
> HKDF failure.  It was caused by a patch that changed initcall levels.
>
>> [    8.877288] alg: skcipher: skipping comparison tests for xctr-aes-ce because xctr(aes-generic) is unavailable
>
> That's expected if you have CONFIG_CRYPTO_AES_ARM64_CE_BLK enabled but
> CONFIG_CRYPTO_XCTR disabled.  Some tests are skipped in that case.

Happy to report that with that patch and that config option, the error
and warning are now gone. Thanks :-)

PULL request for the patch is already sent to Linus:
https://lore.kernel.org/linux-crypto/aEupSzhTI4h8kz-5@gondor.apana.org.au/

>> [   14.172991] alg: ahash: rk-sha1 export() overran state buffer on test vector 0, cfg="import/export"
>> [   14.202291] alg: ahash: rk-sha256 export() overran state buffer on test vector 0, cfg="import/export"
>> [   14.230887] alg: ahash: rk-md5 export() overran state buffer on test vector 0, cfg="import/export"
>
> That means the Rockchip crypto driver is broken.

The crypto driver for rk3399 is still broken.

> Anyway, the more interesting part of your email is that you pointed out that
> Debian has the crypto self-tests enabled, precisely in order to automatically
> disable buggy drivers like these.
>
> So I'll send a patch that adds back a kconfig knob to run the fast tests only,
> which I had removed in commit 698de822780f.

I responded about this to a new patch submission here:
https://lore.kernel.org/linux-crypto/DAJXJHLY2ITB.3IBN23DX0RO4Z@cknow.org/
and v2 of that patch can be found here:
https://lore.kernel.org/linux-crypto/20250612174709.26990-1-ebiggers@kernel.org/

Cheers,
  Diederik

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]