Fix XTS encryption with FIPS enabled kernels
Bug #1715010 reported by Marcelo Cerri
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cryptsetup (Ubuntu) | Fix Released | Medium | Marcelo Cerri |
Xenial | Fix Released | Undecided | Unassigned |
Zesty | Triaged | Medium | Unassigned |
Bug Description
SRU Justification:
Impact: The kernel crypto API rejects weak XTS keys in FIPS mode and the current version of cryptsetup in xenial does some tests with a zeroed key to check cipher availability in the kernel. These two behaviors combined make it impossible to use disk encryption with XTS while using a kernel in FIPS mode.
Fix: apply the following fix to cryptsetup:
https:/
Testcase: Try to set up disk encryption with XTS while the kernel is in FIPS mode.
N.B.: This is not yet fixed in artful so cannot be released.
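A probe for the behaviour described under Impact, added here as an example; it is not code from cryptsetup or from the linked fix. The weak-key rule (identical key halves) comes from the kernel's XTS key check rather than from this page, the function names are hypothetical, and using a random key for the availability check is an assumed workaround, not necessarily what the fix does.

```python
import os
import socket

FIPS_FLAG = "/proc/sys/crypto/fips_enabled"  # standard Linux sysctl path

def fips_enabled(path=FIPS_FLAG):
    """Return True when the running kernel reports FIPS mode."""
    try:
        with open(path) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return False  # file absent: kernel built without FIPS support

def xts_key_is_weak(key):
    """Mirror of the kernel's FIPS-mode XTS check: the data-key half and
    the tweak-key half must not be identical."""
    if len(key) == 0 or len(key) % 2:
        raise ValueError("XTS key must split into two equal halves")
    half = len(key) // 2
    return key[:half] == key[half:]

def probe_xts(key, alg="xts(aes)"):
    """Try to load `key` into the kernel cipher through AF_ALG.
    Returns 'ok', 'rejected' (setkey failed) or 'unavailable'."""
    if not hasattr(socket, "AF_ALG"):
        return "unavailable"
    try:
        with socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET, 0) as s:
            s.bind(("skcipher", alg))
            try:
                s.setsockopt(socket.SOL_ALG, socket.ALG_SET_KEY, key)
            except OSError:
                return "rejected"
            return "ok"
    except OSError:
        return "unavailable"  # AF_ALG or the cipher is not present

def random_probe_key(size=64):
    """Random key for availability checks (assumed workaround); regenerate
    in the negligible-probability case that both halves match."""
    key = os.urandom(size)
    while xts_key_is_weak(key):
        key = os.urandom(size)
    return key

if __name__ == "__main__":
    print("FIPS mode:", fips_enabled())
    for label, key in (("zeroed", bytes(64)), ("random", random_probe_key())):
        print(label, "weak:", xts_key_is_weak(key), "kernel:", probe_xts(key))
```

On a FIPS-mode kernel the zeroed key is expected to report `rejected` while the random key reports `ok`; on a non-FIPS kernel both are normally accepted.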
Changed in cryptsetup (Ubuntu):
importance: Undecided → Medium
tags: added: verification-done-xenial removed: verification-needed-xenial
description: updated
Changed in cryptsetup (Ubuntu):
status: Fix Committed → Fix Released
Changed in cryptsetup (Ubuntu Zesty):
status: New → Triaged
importance: Undecided → Medium
We'll have to wait with releasing the xenial change until the artful's 2:1.7.3-4ubuntu1 version migrates to the release pocket.
By the way - seeing this bug, doesn't this also affect zesty?