Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-9.5
Affects Version/s: rhel-9.5
Component/s: crypto-policies
Labels:
- Accepted
- CY24Q3

Fixed in Build:
crypto-policies-20240815-1.gite217f03.el9
Regression:
None
Severity:
None
Epic Link:
CRYPTO-13095
sprint_count:
1

Pool Team:

sst_security_crypto
Sub-System Group:

ssg_security

Internal Target Milestone:
26
Story Points:
0.5
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
Crypto24Q3

Acceptance Criteria:

Hide

AC1) fips-mode-setup --enable displays a 15 seconds countdown and an extra warning, stating that this operation cannot be undone and reinstalling with fips=1 is the recommended way to enable fips mode, it is possible to cancel within 15 seconds (then no changes are made), after that FIPS is enabled correctly.

AC2) fips-mode-setup --disable displays a 15 seconds countdown and an extra warning, stating that this operation cannot be undone and is not supported, it is possible to cancel within 15 second (then no changes are made), after that FIPS is disabled correctly.

AC3) Installation in FIPS mode still works flawlessly.

Show
AC1) fips-mode-setup --enable displays a 15 seconds countdown and an extra warning, stating that this operation cannot be undone and reinstalling with fips=1 is the recommended way to enable fips mode, it is possible to cancel within 15 seconds (then no changes are made), after that FIPS is enabled correctly. AC2) fips-mode-setup --disable displays a 15 seconds countdown and an extra warning, stating that this operation cannot be undone and is not supported, it is possible to cancel within 15 second (then no changes are made), after that FIPS is disabled correctly. AC3) Installation in FIPS mode still works flawlessly.
Test Plan:
http://10.2.68.92/plan/35059/crypto-policies-rhel-9-5-0-er-129971
Preliminary Testing:
Pass
Test Link:
http://10.2.68.92/case/0615854
Errata Link:
https://errata.engineering.redhat.com/advisory/129971
Gating Tests:

Enabled
Test Coverage:

Automated

Release Note Type:
Unspecified Release Note Type - Unknown

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

As described in RHEL-28848, fips-mode-setup should warn the user that neither enabling and disabling FIPS mode are reversible operations, and reinstalling is the recommended way. Might as well throw in a scary warning and a countdown.

links to

RHBA-2024:129971 crypto-policies bug fix and enhancement update

Assignee:: Alexander Sosedkin

Reporter:: Alexander Sosedkin

Developer:: Alexander Sosedkin

QA Contact:: Ondrej Moris

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/07/01 9:05 AM

Updated:: 2024/09/10 8:35 AM

Target end:: 2024/08/26

Details

Description

Attachments

Issue Links

Activity

People

Dates