cryptomgr_test vs RAP
Posted: Sun May 08, 2016 12:13 pmI've just tried out a new kernel with RAP enabled. The stuff boots flawlessly on a laptop. However it crashes early during boot on a server.
According to the logs cryptomgr_test pulls the trigger. Unfortunately due to technical reasons, I could not capture all lines of the log messages. Since the machine is in production I have limited resources to further investigate the problem. Fortunately, enabling CONFIG_CRYPTO_MANAGER_DISABLE_TESTS (which implies disabling CONFIG_CRYPTO_FIPS) is an easy workaround of the problem - unless a system must be FIPS 200 compliant.
Beginning of the trace:
End of trace:
I can try out something once every week on the system.
For future perspectives: I don't mind if a browser's JIT code is not protected. I'm compiling browsers with JIT disabled. It's more important to spread the technique all over the userland.
Respect for the work made RAP possible:
Dw.
According to the logs cryptomgr_test pulls the trigger. Unfortunately due to technical reasons, I could not capture all lines of the log messages. Since the machine is in production I have limited resources to further investigate the problem. Fortunately, enabling CONFIG_CRYPTO_MANAGER_DISABLE_TESTS (which implies disabling CONFIG_CRYPTO_FIPS) is an easy workaround of the problem - unless a system must be FIPS 200 compliant.
Beginning of the trace:
End of trace:
I can try out something once every week on the system.
For future perspectives: I don't mind if a browser's JIT code is not protected. I'm compiling browsers with JIT disabled. It's more important to spread the technique all over the userland.
Respect for the work made RAP possible:
Dw.