[Bug 1748310] Re: boot stalls looking for entropy in FIPS mode

Hans Joachim Desserud 1748310 at bugs.launchpad.net
Fri Feb 9 17:15:15 UTC 2018


** Tags added: xenial

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libgcrypt20 in Ubuntu.
https://bugs.launchpad.net/bugs/1748310

Title:
  boot stalls looking for entropy in FIPS mode

Status in libgcrypt20 package in Ubuntu:
  New

Bug description:
  libgcrypt20 is not a FIPS certified library. On a machine running FIPS
  enabled kernel, the library automatically goes into FIPS mode if
  /proc/sys/crypto/fips_enabled=1. FIPS mode is not a configurable
  option currently in the library. In FIPS mode, it runs self tests and
  integrity checks and it looks for quality entropy from /dev/random.

  On encrypted installations, cryptsetup uses libgcrypt20. During boot
  on an encrypted machine running in FIPS mode, cryptsetup invokes
  libgcrypt and it stalls looking for quality entropy from /dev/random.
  This results in significant delays during startup. The issue was
  reported by a FIPS customer.

  lsb_release -rd
  Description:	Ubuntu 16.04.3 LTS
  Release:	16.04

  version - 1.6.5-2ubuntu0.3

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libgcrypt20/+bug/1748310/+subscriptions
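
A triage check for the condition described in the report, added here as an example and not part of the bug report or of libgcrypt: it reads the kernel FIPS flag and the kernel's entropy estimate to tell whether a host is in the state where a blocking /dev/random read can stall. The function name, the result strings and the 256-bit threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added triage helper (not from the bug report). Paths are parameters so the
# logic can be run against constructed files as well as the live /proc.

# fips_stall_risk [FIPS_FLAG_FILE] [ENTROPY_FILE] [MIN_BITS]
# Prints one of: not-fips | fips-entropy-ok | fips-entropy-low | unknown
# MIN_BITS is an assumed threshold for illustration, not a libgcrypt value.
fips_stall_risk() {
    flag_file=${1:-/proc/sys/crypto/fips_enabled}
    entropy_file=${2:-/proc/sys/kernel/random/entropy_avail}
    min_bits=${3:-256}

    # No readable flag file, or a value other than 1: treated as non-FIPS here.
    if [ ! -r "$flag_file" ]; then
        echo "not-fips"; return 0
    fi
    flag=$(tr -d '[:space:]' < "$flag_file")
    if [ "$flag" != "1" ]; then
        echo "not-fips"; return 0
    fi

    # FIPS flag is set; now look at the kernel's entropy estimate (in bits).
    if [ ! -r "$entropy_file" ]; then
        echo "unknown"; return 0
    fi
    bits=$(tr -d '[:space:]' < "$entropy_file")
    case "$bits" in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;   # not a plain integer
    esac

    if [ "$bits" -lt "$min_bits" ]; then
        echo "fips-entropy-low"    # blocking /dev/random reads may stall
    else
        echo "fips-entropy-ok"
    fi
}

# With no arguments the live /proc files of the current host are inspected.
fips_stall_risk
```

Running it from the initramfs or early in boot is the useful case, since that is when cryptsetup runs and the pool is least likely to be filled.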


