[Bug 1748310] Re: [SRU][xenial]boot stalls looking for entropy in FIPS mode
Vineetha Hari Pai
1748310 at bugs.launchpad.net
Fri Feb 9 17:54:02 UTC 2018
** Summary changed:
- boot stalls looking for entropy in FIPS mode
+ [SRU][xenial]boot stalls looking for entropy in FIPS mode
** Changed in: libgcrypt20 (Ubuntu)
Assignee: (unassigned) => Vineetha Hari Pai (vineetha)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libgcrypt20 in Ubuntu.
https://bugs.launchpad.net/bugs/1748310
Title:
[SRU][xenial]boot stalls looking for entropy in FIPS mode
Status in libgcrypt20 package in Ubuntu:
New
Bug description:
libgcrypt20 is not a FIPS certified library. On a machine running FIPS
enabled kernel, the library automatically goes into FIPS mode if
/proc/sys/crypto/fips_enabled=1. FIPS mode is not a configurable
option currently in the library. In FIPS mode, it runs self tests and
integrity checks and it looks for quality entropy from /dev/random.
On encrypted installations, cryptsetup uses libgcrypt20. During boot
on an encrypted machine running in FIPS mode, cryptsetup invokes
libgcrypt and it stalls looking for quality entropy from /dev/random.
This results in significant delays during startup. The issue was
reported by a FIPS customer.
lsb_release -rd
Description: Ubuntu 16.04.3 LTS
Release: 16.04
version - 1.6.5-2ubuntu0.3
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libgcrypt20/+bug/1748310/+subscriptions
More information about the foundations-bugs
mailing list