Results 1 to 3 of 3

Thread: FIPS mode lost after an update

  1. #1
    Join Date
    Feb 2008

    FIPS mode lost after an update

    We are building/testing Ubuntu Focal Fossa (20.04) in FIPS mode; currently, in a VMware vm. Recently, after applying some updates and rebooting, the system appears to have lost FIPS mode. fips-mode-setup --check says "FIPS mode is ." Should this ever happen?

    The tools to configure this are (as I understand) meant to automate this process. When I go to re-enable FIPS mode, it next asks me to manually update the bootloader.

    So I see two problems... 1) FIPS mode was lost, 2) re-enabling this via "fips-mode-setup --enable" doesn't fully work, requiring some apparent manual updating. Additionally, the output of fips-mode-setup suggests a command called "grubby" isn't present -- which prompts a manual update of the loader, but it's not available in the repositories (that I can see) -- should it be, or even if this is a dependency would it make sense to have it a part of the FIPS or base distribution.

    For us to adopt Ubuntu/FIPS in our environment, we can't have FIPS mode being disabled like this, so I want to understand how to mitigate it.

    Last edited by faldrich; July 20th, 2023 at 04:31 PM.

  2. #2
    Join Date
    Feb 2008

    Re: FIPS mode lost after an update

    So, I think I solved the issue. The clevis-initramfs was missing. I joined the LUKS devices to the Tang servers, installed clevis-initramfs and rebooted, worked fine.

  3. #3
    Join Date
    Mar 2010
    Ubuntu Development Release

    Re: FIPS mode lost after an update

    Happy you found the problem.

    So you can mark this as "Solved" now?

    "Concurrent coexistence of Windows, Linux and UNIX..." || Ubuntu user # 33563, Linux user # 533637
    Sticky: Graphics Resolution | UbuntuForums 'system-info' Script | Posting Guidelines | Code Tags

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts