Enabled DRBG block in TRNG
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux-bluefield (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Focal |
Fix Released
|
Medium
|
Mahantesh Salimath |
Bug Description
For TRNG(True Random Number Generator) to be FIPS (Federal Information Processing Standards) compliant, DRBG (Deterministic Random Bit Generator) block needs to be enabled.
SRU Justification:
[Impact]
* To be FIPS compliant and to achieve TRNG robustness, DRBG needs to be enabled in TRNG.
[Fix]
* Enable DRBG "pka: Enable DRBG block in TRNG"
[Test Case]
* Use OpenSSL to get random bytes from DRBG enabled TRNG.
# openssl rand -engine pka 512
[Regression Potential]
* Before enabling DRBG, tests are carried out to verify the functioning of DRBG.
If any of these tests fail then TRNG will be disabled (this is as per FIPS
compliance requirements). Hence, TRNG inside PKA HW will be unavailable.
description: | updated |
description: | updated |
description: | updated |
Changed in linux-bluefield (Ubuntu Focal): | |
assignee: | nobody → Mahantesh Salimath (mahantesh92) |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux-bluefield (Ubuntu): | |
status: | New → Invalid |
Changed in linux-bluefield (Ubuntu Focal): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-focal removed: verification-needed-focal |
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification- needed- focal' to 'verification- done-focal' . If the problem still exists, change the tag 'verification- needed- focal' to 'verification- failed- focal'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.
See https:/ /wiki.ubuntu. com/Testing/ EnableProposed for documentation how to enable and use -proposed. Thank you!