Ubuntu
linux package

linux-image-5.4.0-1024-fips - boots to kernel panic on AMD EPYC 7262 CPU - drbg_nopr_sha512

Bug #2045322 reported by XanderCDN
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
In Progress
Undecided
gerald.yang

Bug Description

On a stock/default installation of Ubuntu 20.04.6LTS with Ubuntu Pro activated, running pro enable fips on a system with an AMD EPYC 7262 results in a kernel panic during boot. Issue not reproducible on Intel processors.

Kernel panic - not syncing: random: Failed to reset DRBG (drbg_nopr_sha512): -2

Will include full screenshot of kernel panic as an attachment to this report.

How the system was built:
Hardware: HPE Proliant DL385Gen10 with an EPYC 7262 processor, running VMware ESXi 7.0u3.
Using the latest ISO ubuntu-20.04.6-live-server-amd64.iso to install a stock installation (choose the defaults all the way through the setup) of Ubuntu in a VMware ESXi 7.0u3 virtual machine.
Once the setup is completed and the system reboots into the newly installed system, I run apt-get update, apt-get upgrade, apt-get dist-upgrade, to apply all updates and reboot.
Then, I run: pro enable fips, press Y to confirm the installation, and reboot once it says to reboot to apply FIPS settings.

System boots into kernel panic.
Editing grub entry for the same kernel to change fips=1 to fips=0 bypasses the kernel panic and allows the system to boot normally.

Revision history for this message
XanderCDN (xandercdn) wrote :

attached version.log

Revision history for this message
XanderCDN (xandercdn) wrote :

attached lspci-vnvn.log

Revision history for this message
XanderCDN (xandercdn) wrote :

attached kernel-panic-screenshot.png

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Libera.chat.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/2045322/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
Paul White (paulw2u)
affects: ubuntu → linux (Ubuntu)
tags: added: focal
gerald.yang (gerald-yang-tw)
Changed in linux (Ubuntu):
assignee: nobody → gerald.yang (gerald-yang-tw)
status: New → In Progress
Revision history for this message
gerald.yang (gerald-yang-tw) wrote :

I've sent out the SRU to fix the issue:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2069715

will keep you posted

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.