FIPS 140-2 compliant Kernel
Bug #1640235 reported by
Luke Hinds
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Expired
|
Undecided
|
Unassigned |
Bug Description
Operators are often required to run a FIPS 140-2 compliant kernel that is needed for AES-NI crypto operations.
This requires some new packages including dracut-fips, dracut-fips-aesni and a new additional argument passed to grub `fips=1`
Full manual steps are outlined here: https:/
It is expected that this will be achieved using tripleo-
Changed in tripleo: | |
importance: | Undecided → High |
Changed in tripleo: | |
assignee: | nobody → Luke Hinds (lhinds) |
Changed in tripleo: | |
assignee: | Luke Hinds (lhinds) → Yolanda Robla (yolanda.robla) |
Changed in tripleo: | |
milestone: | ocata-3 → none |
To post a comment you must log in.
I think the steps for TripleO may look a little different, e.g we want the changes to files to happen inside the image, then we want Ironic to deploy the required kernel (ideally we really don't want to install a new kernel and reboot after the initial deploy as this can be really slow on some bare-metal platforms)