Public bug reported:
I'm trying to disable FIPS from an Ubuntu Pro FIPS 18.04 image in AWS. I
updated to the latest ua client in the daily PPA. I have a prompt to
disable it but it fails:
ubuntu@ip-172-31-60-238:~$ sudo add-apt-repository ppa:canonical-server
/ua-client-daily
ubuntu@ip-172-31-60-238:~$ sudo apt install ubuntu-advantage-pro ubuntu-
advantage-tools
ubuntu@ip-172-31-60-238:~$ ua version
27.0-945~gedf4a7e~ubuntu18.04.1
ubuntu@ip-172-31-60-238:~$ ua status
SERVICE ENTITLED STATUS DESCRIPTION
cis-audit no — Center for Internet Security Audit Tools
esm-infra yes enabled UA Infra: Extended Security Maintenance
fips yes enabled NIST-certified FIPS modules
fips-updates no — Uncertified security updates to FIPS modules
livepatch yes n/a Canonical Livepatch service
[...]
ubuntu@ip-172-31-60-238:~$ sudo ua disable fips
This will disable access to certified FIPS packages.
Are you sure? (y/N) y
Could not enable FIPS.
ubuntu@ip-172-31-60-238:~$ ua status
SERVICE ENTITLED STATUS DESCRIPTION
cis-audit no — Center for Internet Security Audit Tools
esm-infra yes enabled UA Infra: Extended Security Maintenance
fips yes enabled NIST-certified FIPS modules
fips-updates no — Uncertified security updates to FIPS modules
livepatch yes n/a Canonical Livepatch service
[...]
I tried rebooting after but I'm still running the fips kernel and fips
is enabled:
ubuntu@ip-172-31-60-238:~$ uname -a
Linux ip-172-31-60-238 4.15.0-2000-aws-fips #4-Ubuntu SMP Tue Jan 28 12:41:43
UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@ip-172-31-60-238:~$ cat /proc/sys/crypto/fips_enabled
1
** Affects: ifupdown (Ubuntu)
Importance: Undecided
Status: Invalid
** Changed in: ifupdown (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to ifupdown in Ubuntu.
https://bugs.launchpad.net/bugs/1916773
Title:
ua disable fips doesn't work in ua client 27
Status in ifupdown package in Ubuntu:
Invalid
Bug description:
I'm trying to disable FIPS from an Ubuntu Pro FIPS 18.04 image in AWS.
I updated to the latest ua client in the daily PPA. I have a prompt
to disable it but it fails:
ubuntu@ip-172-31-60-238:~$ sudo add-apt-repository ppa:canonical-
server/ua-client-daily
ubuntu@ip-172-31-60-238:~$ sudo apt install ubuntu-advantage-pro
ubuntu-advantage-tools
ubuntu@ip-172-31-60-238:~$ ua version
27.0-945~gedf4a7e~ubuntu18.04.1
ubuntu@ip-172-31-60-238:~$ ua status
SERVICE ENTITLED STATUS DESCRIPTION
cis-audit no — Center for Internet Security Audit Tools
esm-infra yes enabled UA Infra: Extended Security Maintenance
fips yes enabled NIST-certified FIPS modules
fips-updates no — Uncertified security updates to FIPS modules
livepatch yes n/a Canonical Livepatch service
[...]
ubuntu@ip-172-31-60-238:~$ sudo ua disable fips
This will disable access to certified FIPS packages.
Are you sure? (y/N) y
Could not enable FIPS.
ubuntu@ip-172-31-60-238:~$ ua status
SERVICE ENTITLED STATUS DESCRIPTION
cis-audit no — Center for Internet Security Audit Tools
esm-infra yes enabled UA Infra: Extended Security Maintenance
fips yes enabled NIST-certified FIPS modules
fips-updates no — Uncertified security updates to FIPS modules
livepatch yes n/a Canonical Livepatch service
[...]
I tried rebooting after but I'm still running the fips kernel and fips
is enabled:
ubuntu@ip-172-31-60-238:~$ uname -a
Linux ip-172-31-60-238 4.15.0-2000-aws-fips #4-Ubuntu SMP Tue Jan 28 12:41:43
UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@ip-172-31-60-238:~$ cat /proc/sys/crypto/fips_enabled
1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1916773/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
