Back to bug 2129100

Who When What Removed Added
Red Hat Bugzilla 2022-09-22 14:00:32 UTC Pool ID sst_security_compliance_rhel_8
Red Hat One Jira (issues.redhat.com) 2022-09-22 14:04:32 UTC Link ID Red Hat Issue Tracker RHELPLAN-134708
Jan Pazdziora 2022-09-22 14:52:37 UTC CC jpazdziora
Jan Pazdziora 2022-09-22 15:09:44 UTC Blocks 1940119
Vojtech Polasek 2022-09-26 13:04:32 UTC Keywords Regression Triaged
Vojtech Polasek 2023-06-21 09:31:59 UTC CC sgrubb
Vojtech Polasek 2023-07-13 09:48:04 UTC Status NEW ASSIGNED
Marcus Burghardt 2023-07-25 10:28:28 UTC CC maburgha
Status ASSIGNED POST
Jan Černý 2023-07-27 13:54:06 UTC CC jcerny
Doc Text .Fixed rule enable_fips_mode on s390x architecture

The OVAL check in rule `enable_fips_mode` has been fixed to work correctly on the s390x architecture.
The check will not check the contents of `/boot/grub2/grubenv` file which isn't relevant on the 390x architecture
because on this architecture the GRUB bootloader isn't used. On the s390x architecture, only a test if argument `fips=1` for Linux kernel is present in `/boot/loader/entries/.*.conf` files is checked.
Doc Type If docs needed, set a value Bug Fix
Jiri Jaburek 2023-08-02 00:19:22 UTC CC jjaburek, vpolasek
Flags needinfo?(vpolasek)
Vojtech Polasek 2023-08-02 09:13:17 UTC Flags needinfo?(vpolasek)
Matěj Týč 2023-08-10 14:36:18 UTC Fixed In Version scap-security-guide-0.1.69-1.el8
Status POST MODIFIED
CC matyc
errata-xmlrpc 2023-08-17 20:20:34 UTC Status MODIFIED ON_QA
Mirek Jahoda 2023-08-22 13:40:37 UTC Docs Contact mjahoda
CC mjahoda
Milan Lysonek 2023-08-22 15:10:44 UTC QA Contact qe-baseos-security mlysonek
Doc Text .Fixed rule enable_fips_mode on s390x architecture

The OVAL check in rule `enable_fips_mode` has been fixed to work correctly on the s390x architecture.
The check will not check the contents of `/boot/grub2/grubenv` file which isn't relevant on the 390x architecture
because on this architecture the GRUB bootloader isn't used. On the s390x architecture, only a test if argument `fips=1` for Linux kernel is present in `/boot/loader/entries/.*.conf` files is checked.
.Fixed rule enable_fips_mode on s390x architecture

The OVAL check in rule `enable_fips_mode` has been fixed to work correctly on the s390x architecture.
The check will not check the contents of `/boot/grub2/grubenv` file which isn't relevant on the 390x architecture because on this architecture the GRUB bootloader isn't used. On the s390x architecture, only a test if argument `fips=1` for Linux kernel is present in `/boot/loader/entries/.*.conf` files is checked.
Status ON_QA VERIFIED
Mirek Jahoda 2023-08-29 13:47:08 UTC Docs Contact mjahoda phybl
Doc Text .Fixed rule enable_fips_mode on s390x architecture

The OVAL check in rule `enable_fips_mode` has been fixed to work correctly on the s390x architecture.
The check will not check the contents of `/boot/grub2/grubenv` file which isn't relevant on the 390x architecture because on this architecture the GRUB bootloader isn't used. On the s390x architecture, only a test if argument `fips=1` for Linux kernel is present in `/boot/loader/entries/.*.conf` files is checked.
"s390x" => "64-bit IBM Z"

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/architectures

.Fixed rule enable_fips_mode on s390x architecture

The OVAL check in rule `enable_fips_mode` has been fixed to work correctly on the s390x architecture.
The check will not check the contents of `/boot/grub2/grubenv` file which isn't relevant on the 390x architecture because on this architecture the GRUB bootloader isn't used. On the s390x architecture, only a test if argument `fips=1` for Linux kernel is present in `/boot/loader/entries/.*.conf` files is checked.
Petr Hybl 2023-09-12 07:44:19 UTC Doc Text "s390x" => "64-bit IBM Z"

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/architectures

.Fixed rule enable_fips_mode on s390x architecture

The OVAL check in rule `enable_fips_mode` has been fixed to work correctly on the s390x architecture.
The check will not check the contents of `/boot/grub2/grubenv` file which isn't relevant on the 390x architecture because on this architecture the GRUB bootloader isn't used. On the s390x architecture, only a test if argument `fips=1` for Linux kernel is present in `/boot/loader/entries/.*.conf` files is checked.
.`enable_fips_mode` rule now works correctly on 64-bit IBM Z architecture

The OVAL check in rule `enable_fips_mode` has been fixed to work correctly on the 64-bit IBM Z architecture. The check will no longer check the contents of `/boot/grub2/grubenv` file which isn't relevant to the 64-bit IBM Z architecture. On the 64-bit IBM Z architecture, the rule only checks if argument `fips=1` for Linux kernel is present in `/boot/loader/entries/.*.conf` files.
Flags needinfo?(vpolasek)
Marcus Burghardt 2023-09-12 07:54:46 UTC Flags needinfo?(vpolasek)
Petr Hybl 2023-09-18 08:52:23 UTC Doc Text .`enable_fips_mode` rule now works correctly on 64-bit IBM Z architecture

The OVAL check in rule `enable_fips_mode` has been fixed to work correctly on the 64-bit IBM Z architecture. The check will no longer check the contents of `/boot/grub2/grubenv` file which isn't relevant to the 64-bit IBM Z architecture. On the 64-bit IBM Z architecture, the rule only checks if argument `fips=1` for Linux kernel is present in `/boot/loader/entries/.*.conf` files.
.SCAP Security Guide rule `enable_fips_mode` now checks only the `fips=1` argument on 64-bit IBM Z architecture

The OVAL check in rule `enable_fips_mode` now works correctly on the 64-bit IBM Z architecture. The `enable_fips_mode` rule no longer checks the contents of the `/boot/grub2/grubenv` file, which is not relevant on 64-bit IBM Z systems. On 64-bit IBM Z systems, the rule only checks if the`fips=1` argument for the Linux kernel is present in `/boot/loader/entries/.*.conf` files.

Back to bug 2129100