On Tue, Dec 30, 2008 at 6:53 AM, Udo van den Heuvel <[email protected]> wrote:
> ...
> I am using that patch (and others) to be sure that openssl uses the via
> padlock hardware:

yes, you're fine.  just a note: the no-rng is a good sign - you are
expected to use an entropy daemon that does fips sanity checks on
/dev/hw_random output before seeding the kernel entropy pool with
garbage.  (usually called rngd)

best regards,

Reply via email to