[SRU][F:linux-bluefield][PATCH 0/1] UBUNTU: SAUCE: pka: Enable DRBG block in TRNG
Mahantesh Salimath
mahantesh at nvidia.com
Mon May 3 16:57:21 UTC 2021
BugLink: https://bugs.launchpad.net/bugs/1926773
SRU Justification:
[Impact]
* To be FIPS compliant and to achieve TRNG robustness, DRBG needs to be enabled in TRNG.
[Fix]
* Enable DRBG "pka: Enable DRBG block in TRNG"
[Test Case]
* Use OpenSSL to get random bytes from DRBG enabled TRNG.
# openssl rand -engine pka 512
[Regression Potential]
* Before enabling DRBG, tests are carried out to verify the functioning of DRBG.
If any of these tests fail then TRNG will be disabled (this is as per FIPS
compliance requirements). Hence, TRNG inside PKA HW will be unavailable.
More information about the kernel-team
mailing list