coderman wrote:
On Tue, Dec 30, 2008 at 6:53 AM, Udo van den Heuvel <[email protected]> wrote:
...
I am using that patch (and others) to be sure that openssl uses the via
padlock hardware:

yes, you're fine.  just a note: the no-rng is a good sign - you are
expected to use an entropy daemon that does fips sanity checks on
/dev/hw_random output before seeding the kernel entropy pool with
garbage.  (usually called rngd)

I have rngd running: /sbin/rngd -t 43 -r /dev/hwrng


Udo

Reply via email to