Ubuntu
libgcrypt20 package

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #1748310
Comment #0

Comment 0 for bug 1748310

Revision history for this message

Vineetha Kamath (vineetha) wrote on 2018-02-08: boot stalls looking for entropy in FIPS mode

libgcrypt20 is not a FIPS certified library. On a machine running FIPS enabled kernel, the library automatically goes into FIPS mode if /proc/sys/crypto/fips_enabled=1. FIPS mode is not a configurable option currently in the library. In FIPS mode, it runs self tests and integrity checks and it looks for quality entropy from /dev/random.

On encrypted installations, cryptsetup uses libgcrypt20. During boot on an encrypted machine running in FIPS mode, cryptsetup invokes libgcrypt and it stalls looking for quality entropy from /dev/random. This results in significant delays during startup. The issue was reported by a FIPS customer.

lsb_release -rd
Description: Ubuntu 16.04.3 LTS
Release: 16.04

version - 1.6.5-2ubuntu0.3

Ubuntulibgcrypt20 package

Comment 0 for bug 1748310

Ubuntu
libgcrypt20 package