libgcrypt20 is not a FIPS-certified library. On a machine running a FIPS-enabled kernel, the library automatically goes into FIPS mode if /proc/sys/crypto/fips_enabled=1. FIPS mode is not currently a configurable option in the library. In FIPS mode, it runs self-tests and integrity checks, and it looks for quality entropy from /dev/random.
On encrypted installations, cryptsetup uses libgcrypt20. During boot on an encrypted machine running in FIPS mode, cryptsetup invokes libgcrypt, which stalls looking for quality entropy from /dev/random. This results in significant delays during startup. The issue was reported by a FIPS customer.
lsb_release -rd
Description: Ubuntu 16.04.3 LTS
Release: 16.04
version - 1.6.5-2ubuntu0.3
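
A quick way to check whether a host is in the state described above, added here as an example and not part of the original report or of libgcrypt: it reads the kernel FIPS flag the report names and compares the available entropy against a threshold. The function name fips_boot_stall_risk and the 64-bit default threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the report): classify a host by the two
# conditions the report describes: kernel FIPS flag set, and little
# entropy available for a blocking read of /dev/random.
#
# usage: fips_boot_stall_risk [FIPS_FILE] [ENTROPY_FILE] [THRESHOLD_BITS]
# prints: not-fips | fips-ok | fips-low-entropy | unknown
fips_boot_stall_risk() {
    fips_file=${1:-/proc/sys/crypto/fips_enabled}
    entropy_file=${2:-/proc/sys/kernel/random/entropy_avail}
    threshold=${3:-64}   # assumption: bits below which a stall is likely

    # No readable flag file, or a value other than 1: per the report,
    # the library does not switch itself into FIPS mode.
    if [ ! -r "$fips_file" ]; then
        echo not-fips
        return 0
    fi
    fips=$(tr -d '[:space:]' < "$fips_file")
    if [ "$fips" != "1" ]; then
        echo not-fips
        return 0
    fi

    # FIPS flag is set; now look at the entropy estimate.
    if [ ! -r "$entropy_file" ]; then
        echo unknown
        return 0
    fi
    avail=$(tr -d '[:space:]' < "$entropy_file")
    case $avail in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # not a plain number
    esac

    if [ "$avail" -lt "$threshold" ]; then
        echo fips-low-entropy
    else
        echo fips-ok
    fi
}

# Run against the live system when executed directly.
fips_boot_stall_risk "$@"
```

A result of fips-low-entropy early in boot matches the condition under which the report says cryptsetup stalls.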