[Bug 1916773] [NEW] ua disable fips doesn't work in ua client 27

Wed, 24 Feb 2021 08:20:45 -0800 

Public bug reported:

I'm trying to disable FIPS from an Ubuntu Pro FIPS 18.04 image in AWS. I
updated to the latest ua client in the daily PPA.  I have a prompt to
disable it but it fails:

ubuntu@ip-172-31-60-238:~$ sudo add-apt-repository ppa:canonical-server
/ua-client-daily

ubuntu@ip-172-31-60-238:~$ sudo apt install ubuntu-advantage-pro ubuntu-
advantage-tools

ubuntu@ip-172-31-60-238:~$ ua version
27.0-945~gedf4a7e~ubuntu18.04.1

ubuntu@ip-172-31-60-238:~$ ua status
SERVICE       ENTITLED  STATUS    DESCRIPTION
cis-audit     no        —         Center for Internet Security Audit Tools
esm-infra     yes       enabled   UA Infra: Extended Security Maintenance
fips          yes       enabled   NIST-certified FIPS modules
fips-updates  no        —         Uncertified security updates to FIPS modules
livepatch     yes       n/a       Canonical Livepatch service
[...]

ubuntu@ip-172-31-60-238:~$ sudo ua disable fips
This will disable access to certified FIPS packages.
Are you sure? (y/N) y
Could not enable FIPS.

ubuntu@ip-172-31-60-238:~$ ua status
SERVICE       ENTITLED  STATUS    DESCRIPTION
cis-audit     no        —         Center for Internet Security Audit Tools
esm-infra     yes       enabled   UA Infra: Extended Security Maintenance
fips          yes       enabled   NIST-certified FIPS modules
fips-updates  no        —         Uncertified security updates to FIPS modules
livepatch     yes       n/a       Canonical Livepatch service
[...]

I tried rebooting after but I'm still running the fips kernel and fips
is enabled:

ubuntu@ip-172-31-60-238:~$ uname -a
Linux ip-172-31-60-238 4.15.0-2000-aws-fips #4-Ubuntu SMP Tue Jan 28 12:41:43 
UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

ubuntu@ip-172-31-60-238:~$ cat /proc/sys/crypto/fips_enabled
1

** Affects: ifupdown (Ubuntu)
     Importance: Undecided
         Status: Invalid

** Changed in: ifupdown (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1916773

Title:
  ua disable fips doesn't work in ua client 27

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ifupdown/+bug/1916773/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to