** Description changed: For TRNG(True Random Number Generator) to be FIPS (Federal Information Processing Standards) compliant, DRBG (Deterministic Random Bit Generator) block needs to be enabled. SRU Justification: [Impact] - * To be FIPS compliant, DRBG needs to be enabled in TRNG. + * To be FIPS compliant and to achieve TRNG robustness, DRBG needs to be enabled in TRNG. [Fix] * Enable DRBG "pka: Enable DRBG block in TRNG" [Test Case] * Use OpenSSL to get random bytes from DRBG enabled TRNG. # openssl rand -engine pka 512 [Regression Potential] - * Before enabling DRBG, tests are carried out to verify the functioning of DRBG. - If any of these tests fail then TRNG will be disabled. - Hence, TRNG inside PKA HW will be unavailable. + * Before enabling DRBG, tests are carried out to verify the functioning of DRBG. + If any of these tests fail then TRNG will be disabled (this is as per FIPS + compliance requirements). Hence, TRNG inside PKA HW will be unavailable.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926773 Title: Enabled DRBG block in TRNG To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux-bluefield/+bug/1926773/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
