Public bug reported:

libgcrypt20 is not a FIPS certified library. On a machine running a
FIPS-enabled kernel, the library automatically goes into FIPS mode if
/proc/sys/crypto/fips_enabled=1. FIPS mode is not currently a configurable
option in the library. In FIPS mode, it runs self tests and integrity
checks, and it looks for quality entropy from /dev/random.

On encrypted installations, cryptsetup uses libgcrypt20. During boot on
an encrypted machine running in FIPS mode, cryptsetup invokes libgcrypt
and it stalls looking for quality entropy from /dev/random. This results
in significant delays during startup. The issue was reported by a FIPS
customer.

lsb_release -rd
Description:    Ubuntu 16.04.3 LTS
Release:        16.04

version - 1.6.5-2ubuntu0.3

** Affects: libgcrypt20 (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1748310

Title:
  boot stalls looking for entropy in FIPS mode
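
A triage check for the condition this report describes, added here as an example (it is not part of the bug report and not libgcrypt or cryptsetup code). The function name, the state labels and the optional root argument are hypothetical; the fallback threshold of 64 bits is an assumption used when the kernel does not expose read_wakeup_threshold.

```shell
#!/bin/sh
# Classify a host against the condition in this report: kernel FIPS flag set
# while the blocking pool behind /dev/random is low on entropy.
# The optional argument is a hypothetical override for the /proc root, so the
# check can also be run against a copied or constructed /proc tree.

fips_entropy_state() {
    root="${1:-/proc}"
    fips_file="$root/sys/crypto/fips_enabled"
    avail_file="$root/sys/kernel/random/entropy_avail"
    thresh_file="$root/sys/kernel/random/read_wakeup_threshold"

    # The flag is absent on kernels built without FIPS support; the report
    # says libgcrypt switches to FIPS mode only when the value is 1.
    if [ ! -r "$fips_file" ] || [ "$(cat "$fips_file")" != "1" ]; then
        echo "not-fips"
        return 0
    fi

    if [ ! -r "$avail_file" ]; then
        echo "fips-unknown-entropy"
        return 0
    fi
    avail=$(cat "$avail_file")

    # Assumption: fall back to 64 bits when the kernel does not expose the
    # wakeup threshold for blocked /dev/random readers.
    thresh=64
    if [ -r "$thresh_file" ]; then
        thresh=$(cat "$thresh_file")
    fi

    # Below the threshold, a read from /dev/random is expected to block,
    # which is the stall described for cryptsetup during boot.
    if [ "$avail" -lt "$thresh" ]; then
        echo "fips-low-entropy"
    else
        echo "fips-entropy-ok"
    fi
}

# Stand-alone use: report the state of the running system.
fips_entropy_state "${PROC_ROOT:-/proc}"
```

The result is a snapshot; the pool is typically at its lowest early in boot, so a reading taken on a long-running system can look healthier than the state cryptsetup sees.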
