[Bug 1916773] Re: ua disable fips doesn't work in ua client 27

David Coronel 1916773 at bugs.launchpad.net
Wed Feb 24 16:11:51 UTC 2021 

wrong project

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ifupdown in Ubuntu.
https://bugs.launchpad.net/bugs/1916773

Title:
  ua disable fips doesn't work in ua client 27

Status in ifupdown package in Ubuntu:
  Invalid

Bug description:
  I'm trying to disable FIPS from an Ubuntu Pro FIPS 18.04 image in AWS.
  I updated to the latest ua client in the daily PPA.  I have a prompt
  to disable it but it fails:

  ubuntu at ip-172-31-60-238:~$ sudo add-apt-repository ppa:canonical-
  server/ua-client-daily

  ubuntu at ip-172-31-60-238:~$ sudo apt install ubuntu-advantage-pro
  ubuntu-advantage-tools

  ubuntu at ip-172-31-60-238:~$ ua version
  27.0-945~gedf4a7e~ubuntu18.04.1

  ubuntu at ip-172-31-60-238:~$ ua status
  SERVICE       ENTITLED  STATUS    DESCRIPTION
  cis-audit     no        —         Center for Internet Security Audit Tools
  esm-infra     yes       enabled   UA Infra: Extended Security Maintenance
  fips          yes       enabled   NIST-certified FIPS modules
  fips-updates  no        —         Uncertified security updates to FIPS modules
  livepatch     yes       n/a       Canonical Livepatch service
  [...]

  ubuntu at ip-172-31-60-238:~$ sudo ua disable fips
  This will disable access to certified FIPS packages.
  Are you sure? (y/N) y
  Could not enable FIPS.

  ubuntu at ip-172-31-60-238:~$ ua status
  SERVICE       ENTITLED  STATUS    DESCRIPTION
  cis-audit     no        —         Center for Internet Security Audit Tools
  esm-infra     yes       enabled   UA Infra: Extended Security Maintenance
  fips          yes       enabled   NIST-certified FIPS modules
  fips-updates  no        —         Uncertified security updates to FIPS modules
  livepatch     yes       n/a       Canonical Livepatch service
  [...]

  I tried rebooting after but I'm still running the fips kernel and fips
  is enabled:

  ubuntu at ip-172-31-60-238:~$ uname -a
  Linux ip-172-31-60-238 4.15.0-2000-aws-fips #4-Ubuntu SMP Tue Jan 28 12:41:43 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

  ubuntu at ip-172-31-60-238:~$ cat /proc/sys/crypto/fips_enabled
  1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1916773/+subscriptions

More information about the foundations-bugs mailing list