From: Eric Biggers <ebiggers@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
Diederik de Haas <didi.debian@cknow.org>,
Ingo Franzki <ifranzki@linux.ibm.com>
Subject: Re: [PATCH] crypto: testmgr - reinstate kconfig support for fast tests only
Date: Wed, 11 Jun 2025 23:09:31 -0700 [thread overview]
Message-ID: <20250612060931.GA200686@sol> (raw)
In-Reply-To: <aEpryXbiFJ5mmsvj@gondor.apana.org.au>
On Thu, Jun 12, 2025 at 01:55:21PM +0800, Herbert Xu wrote:
> On Wed, Jun 11, 2025 at 10:55:25AM -0700, Eric Biggers wrote:
> >
> > diff --git a/crypto/Kconfig b/crypto/Kconfig
> > index e9fee7818e270..8612ebf655647 100644
> > --- a/crypto/Kconfig
> > +++ b/crypto/Kconfig
> > @@ -174,20 +174,30 @@ config CRYPTO_USER
> > Userspace configuration for cryptographic instantiations such as
> > cbc(aes).
> >
> > config CRYPTO_SELFTESTS
> > bool "Enable cryptographic self-tests"
> > - depends on DEBUG_KERNEL
>
> Please restore the dependency on EXPERT. I do not want random
> users exposed to this toggle.
It used to be:
config CRYPTO_MANAGER_DISABLE_TESTS
bool "Disable run-time self tests"
default y
help
Disable run-time self tests that normally take place at
algorithm registration.
So the CONFIG_EXPERT dependency for the prompt would be new. Are you sure?
> > +config CRYPTO_SELFTESTS_FULL
> > + bool "Enable the full set of cryptographic self-tests"
> > + depends on CRYPTO_SELFTESTS
> > + default y
> > + help
> > + Enable the full set of cryptographic self-tests for each algorithm.
> > +
> > + For development and pre-release testing, leave this as 'y'.
> > +
> > + If you're keeping the crypto self-tests enabled in a production
> > + kernel, you likely want to set this to 'n' to speed up the boot. This
> > + will cause the "slow" tests to be skipped. This may suffice for a
> > + quick sanity check of drivers and for FIPS 140-3 pre-operational self-
> > + testing, but some issues can be found only by the full set of tests.
>
> Please remove the "default y".
If you insist. I hoped to get the people working on drivers to actually run the
tests that they are supposed to. The default y is appropriate for anyone
actually doing development and/or testing, which is what the tests are supposed
to be for.
But I guess that doesn't really happen, and distros are expected to run the
reduced set of tests in production because upstream doesn't test the drivers.
And they will want n here.
- Eric
next prev parent reply other threads:[~2025-06-12 6:09 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-11 17:55 [PATCH] crypto: testmgr - reinstate kconfig support for fast tests only Eric Biggers
2025-06-11 18:53 ` Diederik de Haas
2025-06-11 19:04 ` Eric Biggers
2025-06-11 19:47 ` Diederik de Haas
2025-06-11 20:14 ` Eric Biggers
2025-06-12 5:55 ` Herbert Xu
2025-06-12 6:09 ` Eric Biggers [this message]
2025-06-12 9:03 ` Herbert Xu
2025-06-12 17:20 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250612060931.GA200686@sol \
--to=ebiggers@kernel.org \
--cc=didi.debian@cknow.org \
--cc=herbert@gondor.apana.org.au \
--cc=ifranzki@linux.ibm.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox