Re: [PATCH] crypto: testmgr - reinstate kconfig support for fast tests only

From: Eric Biggers
Date: Thu Jun 12 2025 - 02:10:08 EST

Next message: Tomi Valkeinen: "Re: [PATCH v2 00/21] pmdomain: Add generic ->sync_state() support to genpd"
Previous message: Chen Ni: "[PATCH] ALSA: usb-audio: Convert comma to semicolon"
In reply to: Herbert Xu: "Re: [PATCH] crypto: testmgr - reinstate kconfig support for fast tests only"
Next in thread: Herbert Xu: "Re: [PATCH] crypto: testmgr - reinstate kconfig support for fast tests only"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 12, 2025 at 01:55:21PM +0800, Herbert Xu wrote:
> On Wed, Jun 11, 2025 at 10:55:25AM -0700, Eric Biggers wrote:
> >
> > diff --git a/crypto/Kconfig b/crypto/Kconfig
> > index e9fee7818e270..8612ebf655647 100644
> > --- a/crypto/Kconfig
> > +++ b/crypto/Kconfig
> > @@ -174,20 +174,30 @@ config CRYPTO_USER
> > Userspace configuration for cryptographic instantiations such as
> > cbc(aes).
> >
> > config CRYPTO_SELFTESTS
> > bool "Enable cryptographic self-tests"
> > - depends on DEBUG_KERNEL
>
> Please restore the dependency on EXPERT. I do not want random
> users exposed to this toggle.

It used to be:

config CRYPTO_MANAGER_DISABLE_TESTS
bool "Disable run-time self tests"
default y
help
Disable run-time self tests that normally take place at
algorithm registration.

So the CONFIG_EXPERT dependency for the prompt would be new. Are you sure?

> > +config CRYPTO_SELFTESTS_FULL
> > + bool "Enable the full set of cryptographic self-tests"
> > + depends on CRYPTO_SELFTESTS
> > + default y
> > + help
> > + Enable the full set of cryptographic self-tests for each algorithm.
> > +
> > + For development and pre-release testing, leave this as 'y'.
> > +
> > + If you're keeping the crypto self-tests enabled in a production
> > + kernel, you likely want to set this to 'n' to speed up the boot. This
> > + will cause the "slow" tests to be skipped. This may suffice for a
> > + quick sanity check of drivers and for FIPS 140-3 pre-operational self-
> > + testing, but some issues can be found only by the full set of tests.
>
> Please remove the "default y".

If you insist. I hoped to get the people working on drivers to actually run the
tests that they are supposed to. The default y is appropriate for anyone
actually doing development and/or testing, which is what the tests are supposed
to be for.

But I guess that doesn't really happen, and distros are expected to run the
reduced set of tests in production because upstream doesn't test the drivers.
And they will want n here.

- Eric

Next message: Tomi Valkeinen: "Re: [PATCH v2 00/21] pmdomain: Add generic ->sync_state() support to genpd"
Previous message: Chen Ni: "[PATCH] ALSA: usb-audio: Convert comma to semicolon"
In reply to: Herbert Xu: "Re: [PATCH] crypto: testmgr - reinstate kconfig support for fast tests only"
Next in thread: Herbert Xu: "Re: [PATCH] crypto: testmgr - reinstate kconfig support for fast tests only"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]