coderman wrote:
On Tue, Dec 30, 2008 at 6:53 AM, Udo van den Heuvel <udovdh@xxxxxxxxx> wrote:
...
I am using that patch (and others) to be sure that openssl uses the via padlock hardware:

yes, you're fine. just a note: the no-rng is a good sign - you are expected to use an entropy daemon that does fips sanity checks on /dev/hw_random output before seeding the kernel entropy pool with garbage. (usually called rngd)

I have rngd running:
/sbin/rngd -t 43 -r /dev/hwrng

Udo