diff --git a/crypto/Kconfig b/crypto/Kconfig
index f52237ac12c5..d726b1c3a7f8 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig
@@ -32,13 +32,26 @@ config CRYPTO_FIPS
 certification. You should say no unless you know what this is.
+# CRYPTO_FIPS140 just enables the support in the kernel for loading fips140.ko.
+# The module still needs to be built and loaded if you need FIPS 140 compliance.
 config CRYPTO_FIPS140
 def_bool y
 depends on MODULES && ARM64 && ARM64_MODULE_PLTS
 config CRYPTO_FIPS140_MOD
- bool "Enable FIPS140 integrity self-checked loadable module"
+ bool "Enable FIPS 140 cryptographic module"
 depends on LTO_CLANG && CRYPTO_FIPS140
+ help
+ This option enables building a loadable module fips140.ko, which
+ contains various crypto algorithms that are also built into vmlinux.
+ At load time, this module overrides the built-in implementations of
+ these algorithms with its implementations. It also runs self-tests on
+ these algorithms and verifies the integrity of its code and data. If
+ either of these steps fails, the kernel will panic.
+
+ This module is intended to be loaded at early boot time in order to
+ meet FIPS 140 and NIAP FPT_TST_EXT.1 requirements. It shouldn't be
+ used if you don't need to meet these requirements.
 config CRYPTO_FIPS140_MOD_ERROR_INJECTION
 bool "Support injecting failures into the FIPS 140 self-tests"
diff --git a/crypto/fips140-module.c b/crypto/fips140-module.c
index f0ed4602e924..a91735c37c67 100644
--- a/crypto/fips140-module.c
+++ b/crypto/fips140-module.c
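Review bot: The new help text for CRYPTO_FIPS140_MOD presents the self-tests and the integrity check as guarantees ("If either of these steps fails, the kernel will panic"), but does not mention CRYPTO_FIPS140_MOD_ERROR_INJECTION, the very next option in this hunk, whose prompt says it lets those self-tests be made to fail. Someone configuring a build that must meet the FIPS 140 / FPT_TST_EXT.1 requirements named in the help needs that caveat beside the guarantee, not only under the injection option. Suggest closing the help with `	  For a build that must meet these requirements, leave` / `	  CRYPTO_FIPS140_MOD_ERROR_INJECTION disabled; it is presumably a` / `	  test aid for exercising the self-test failure path.` The "test aid" reading is inferred from that option's prompt only; confirm against its own help before committing the wording.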
@@ -3,12 +3,15 @@
 * Copyright 2021 Google LLC
 * Author: Ard Biesheuvel
 *
- * This file is the core of the fips140.ko, which carries a number of crypto
- * algorithms and chaining mode templates that are also built into vmlinux.
- * This modules performs a load time integrity check, as mandated by FIPS 140,
- * and replaces registered crypto algorithms that appear on the FIPS 140 list
- * with ones provided by this module. This meets the FIPS 140 requirements for
- * a cryptographic software module.
+ * This file is the core of fips140.ko, which contains various crypto algorithms
+ * that are also built into vmlinux. At load time, this module overrides the
+ * built-in implementations of these algorithms with its implementations. It
+ * also runs self-tests on these algorithms and verifies the integrity of its
+ * code and data. If either of these steps fails, the kernel will panic.
+ *
+ * This module is intended to be loaded at early boot time in order to meet
+ * FIPS 140 and NIAP FPT_TST_EXT.1 requirements. It shouldn't be used if you
+ * don't need to meet these requirements.
 */
 #include