Loading...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: kernel / Virtualization / Public Cloud Enablement
Labels:
- Azure

Severity:
Major
Epic Link:
RHELOPC-36

Pool Team:

sst_virtualization_cloud
Sub-System Group:

ssg_virtualization

Story Points:
1
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Sprint:
RHELOPC Sprint 1, RHELOPC Sprint 2, RHELOPC Sprint 3, RHELOPC Blocked

Test Link:
https://polarion.engineering.redhat.com/polarion/#/project/RHELVIRT/workitem?id=VIRT-300467
Test Coverage:

Yes

Experience:

SFDC Cases Counter:
SFDC Cases Links:

Goal

North America Public Sales (NAPS) team was asking how to optionally enable FIPS in RHEL UKIs.

In UKIs, this can be achieved effortlessly by creating a`fips=1` UKI addon and provide it in the ESP (/boot/efi/Linux/<UKI>.extra.d/ or /boot/efi/loader/addons). In this way, when the addon is present, the kernel cmdline will contain `fips=1`, when removed there won't be any `fips` option enabled.

Requires systemd v254 at least (ukify needs to be able to build an addon, kernel.spec should be able to create addons)

Acceptance Criteria

In order to verify if this works:

Create the UKI addon
Add it to /boot/efi/loader/addons and reboot. Check that /proc/cmdline contains `fips=1`
Remove it from /boot/efi/loader/addons and reboot. Check that /proc/cmdline does not contain `fips=1`

Assignee:: Emanuele Giuseppe Esposito

Reporter:: Emanuele Giuseppe Esposito

Developer:: Emanuele Giuseppe Esposito

QA Contact:: Li Tian

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2024/01/29 1:15 PM

Updated:: 2024/04/08 3:39 PM

Details

Description

Goal

Acceptance Criteria

Attachments

Activity

People

Dates