Comment 0 for bug 1715010

Marcelo Cerri (mhcerri) wrote :

SRU Justification:

Impact: The kernel crypto API rejects weak XTS keys in FIPS mode and the current version of cryptsetup in xenial does some tests with a zeroed key to check cipher availability in the kernel. These two behaviors combined make it impossible to use disk encryption with XTS while using a kernel in FIPS mode.

Fix: apply the following fix to cryptsetup:

https://gitlab.com/cryptsetup/cryptsetup/commit/3c2135b36bbc52d052e4ced7c94dc4981eb07a53

Testcase: Try to set up disk encryption with XTS while the kernel is in FIPS mode.
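
The interaction described in the Impact paragraph, as an added example that is not part of the original comment and is not kernel or cryptsetup source: a userspace C model of the check, assuming that a "weak" XTS key is one whose two halves (data key and tweak key) are identical, which is the case for an all-zero probe key. The names `xts_key_check`, `probe_zeroed` and `probe_distinct` are hypothetical, and FIPS mode is passed as a parameter rather than read from the system.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define XTS_KEY_LEN 64 /* aes-xts with a 512-bit key: two 256-bit halves */

/* Model of the FIPS-mode check: an XTS key is key1 || key2 and is
 * rejected when both halves are equal. Outside FIPS mode any
 * even-length key is accepted. */
static int xts_key_check(const unsigned char *key, size_t keylen, int fips_enabled)
{
    size_t half = keylen / 2;
    unsigned char diff = 0;

    if (keylen % 2)
        return -EINVAL;          /* halves must have equal size */
    if (!fips_enabled)
        return 0;
    for (size_t i = 0; i < half; i++)  /* compare without early exit */
        diff |= key[i] ^ key[half + i];
    return diff ? 0 : -EINVAL;
}

/* Availability probe with a zeroed key, as the comment describes. */
static int probe_zeroed(int fips_enabled)
{
    unsigned char key[XTS_KEY_LEN];
    memset(key, 0, sizeof(key));
    return xts_key_check(key, sizeof(key), fips_enabled);
}

/* Probe with a constructed key whose halves differ (sample data only). */
static int probe_distinct(int fips_enabled)
{
    unsigned char key[XTS_KEY_LEN];
    for (size_t i = 0; i < sizeof(key); i++)
        key[i] = (unsigned char)(i + 1);
    return xts_key_check(key, sizeof(key), fips_enabled);
}

int main(void)
{
    printf("zeroed key,   FIPS off: %d\n", probe_zeroed(0));
    printf("zeroed key,   FIPS on : %d\n", probe_zeroed(1));
    printf("distinct key, FIPS on : %d\n", probe_distinct(1));
    return 0;
}
```

In this model the zeroed probe fails only with FIPS enabled, so a tool that treats the probe's failure as "cipher unavailable" ends up refusing XTS altogether.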