[Bug 2112154] Re: fips: Fatal: unexpected error from getentropy: Invalid argument

Craig 2112154 at bugs.launchpad.net
Thu May 29 22:34:07 UTC 2025 

I suspect that the root cause of this issue is that Ubuntu Pro FIPS's
libgcrypt relies on the Linux getrandom syscall accepting a GRND_RESEED
flag, but that flag is not in the upstream Linux kernel so no kernels
other than those supplies by Ubuntu Pro support it.

I think the solution is to either not use the GRND_RESEED flag, or to
submit the addition of the flag to the Linux kernel project so all
kernels will eventually support it.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libgcrypt20 in Ubuntu.
https://bugs.launchpad.net/bugs/2112154

Title:
  fips: Fatal: unexpected error from getentropy: Invalid argument

Status in libgcrypt20 package in Ubuntu:
  New

Bug description:
  Running Ubuntu Pro with FIPS enabled on a kernel other than the one
  provided by Jammy results in an error.

  Until a Focal kernel update released in April, this error occurred
  when Ubuntu Jammy FIPS was run on Ubuntu Focal too. See
  https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2055825

  For example, running an Ubuntu Pro 22.04 with FIPS enabled docker
  image on Amazon Linux 2023 fails when apt-get is used.

  Here's how to reproduce this issue:
  1. Run AL2023 in FIPS mode in a virtual machine
  2. docker run -it registry1.dso.mil.ironbank/canonical/ubuntu-pro-cis-fips-stig:22.04_stable (see https://ironbank.dso.mil/repomap/details;registry1Path=canonical%252Fubuntu-pro-cis-fips-stig)
  3. In the container, run apt-get update

  The result is this error:

  Fatal: unexpected error from getentropy: Invalid argument
  fatal error in libgcrypt, file ../../src/misc.c, line 146, function _gcry_logv: internal error (fatal or bug)
  Aborted (core dumped)

  
  I believe this issue is also reproducible when using kernels provided by other vendors, such as Microsoft's Azure Linux.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libgcrypt20/+bug/2112154/+subscriptions

More information about the foundations-bugs mailing list