Back to bug 2163497
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2023-01-23 17:27:55 UTC | Pool ID | sst_installer_rhel_9 | |
| Red Hat One Jira (issues.redhat.com) | 2023-01-23 17:28:53 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-146040 | |
| Jan Stodola | 2023-01-23 17:34:13 UTC | Comment | 0 | updated |
| Vojtech Trefny | 2023-01-24 10:47:14 UTC | CC | vtrefny | |
| Vladimír Slávik | 2023-01-25 08:04:30 UTC | CC | vslavik | |
| Jan Stodola | 2023-01-26 09:46:39 UTC | Keywords | Triaged | |
| Steve Barcomb | 2023-01-30 14:02:50 UTC | CC | sbarcomb | |
| Jan Stodola | 2023-01-30 15:03:34 UTC | Flags | needinfo?(ssorce) | |
| CC | ssorce | |||
| Simo Sorce | 2023-01-30 15:59:50 UTC | Flags | needinfo?(ssorce) | |
| Jiri Konecny | 2023-01-31 11:36:13 UTC | CC | jkonecny | |
| Jan Stodola | 2023-02-21 14:34:11 UTC | Doc Type | If docs needed, set a value | Known Issue |
| Jan Stodola | 2023-02-21 17:58:58 UTC | Doc Text | Cause: The minimal length of a passphrase used for LUKS devices has been set to 8 bytes when the system is running in FIPS mode. Consequence: The installer crashes when creating a LUKS device with a passphrase shorter than 8 bytes and when the installation is running in FIPS mode. Workaround (if any): Use a LUKS passphrase at least 8 bytes long. Since some characters need more than one byte to encode, it could be enough to use less than 8 characters in some cases, depending on the used characters. A passphrase with at least 8 characters will work in all cases. Result: LUKS devices are successfully created in FIPS mode. | |
| Flags | needinfo?(jkonecny) | |||
| Jiri Konecny | 2023-02-22 10:02:33 UTC | Flags | needinfo?(jkonecny) | |
| Sagar Dubewar | 2023-02-22 11:56:23 UTC | Doc Text | Cause: The minimal length of a passphrase used for LUKS devices has been set to 8 bytes when the system is running in FIPS mode. Consequence: The installer crashes when creating a LUKS device with a passphrase shorter than 8 bytes and when the installation is running in FIPS mode. Workaround (if any): Use a LUKS passphrase at least 8 bytes long. Since some characters need more than one byte to encode, it could be enough to use less than 8 characters in some cases, depending on the used characters. A passphrase with at least 8 characters will work in all cases. Result: LUKS devices are successfully created in FIPS mode. | .Installer crashes in the FIPS mode while creating LUKS devices with short paraphrase The minimal length of a passphrase used for LUKS devices is 8 bytes when the system is running in the FIPS mode. As a consequence, when creating a LUKS device with a passphrase shorter than 8 bytes and installation running in FIPS mode, the installer crashes. To work around this problem, use a LUKS passphrase that is 8 bytes long. As a result, the installer does not crash when creating LUKS devices in FIPS mode. Some characters take more than one byte to encode, therefore you can use less than 8 characters in some cases, depending on the characters used. A passphrase with at least 8 characters works in all cases. |
| CC | sdubewar | |||
| Jan Stodola | 2023-03-10 09:55:27 UTC | Keywords | TestCaseNeeded | |
| Lenka Špačková | 2023-03-13 07:04:52 UTC | Docs Contact | sdubewar | |
| Jiri Konecny | 2023-03-30 11:51:47 UTC | Assignee | anaconda-maint-list | vslavik |
| Release Test Team | 2023-05-02 10:44:51 UTC | Link ID | Red Hat Issue Tracker RTT-5265 | |
| Release Test Team | 2023-05-02 10:44:56 UTC | Link ID | Red Hat Issue Tracker RTT-5266 | |
| Release Test Team | 2023-05-02 10:45:00 UTC | Link ID | Red Hat Issue Tracker RTT-5267 | |
| Jan Stodola | 2023-05-02 14:25:54 UTC | Flags | needinfo?(sdubewar) | |
| Sagar Dubewar | 2023-05-03 11:58:28 UTC | Doc Text | .Installer crashes in the FIPS mode while creating LUKS devices with short paraphrase The minimal length of a passphrase used for LUKS devices is 8 bytes when the system is running in the FIPS mode. As a consequence, when creating a LUKS device with a passphrase shorter than 8 bytes and installation running in FIPS mode, the installer crashes. To work around this problem, use a LUKS passphrase that is 8 bytes long. As a result, the installer does not crash when creating LUKS devices in FIPS mode. Some characters take more than one byte to encode, therefore you can use less than 8 characters in some cases, depending on the characters used. A passphrase with at least 8 characters works in all cases. | .Installer crashes in the FIPS mode while creating LUKS devices with short passphrase The minimal length of a passphrase used for LUKS devices is 8 bytes when the system is running in the FIPS mode. As a consequence, when creating a LUKS device with a passphrase shorter than 8 bytes and installation running in FIPS mode, the installer crashes. To work around this problem, use a LUKS passphrase that is at least 8 bytes long. As a result, the installer does not crash when creating LUKS devices in FIPS mode. Some characters take more than one byte to encode, therefore you can use less than 8 characters in some cases, depending on the characters used. A passphrase with at least 8 characters works in all cases. |
| Flags | needinfo?(sdubewar) | |||
| Vladimír Slávik | 2023-05-23 18:10:53 UTC | Status | NEW | POST |
| Vladimír Slávik | 2023-06-07 11:30:36 UTC | Fixed In Version | anaconda-34.25.3.2-1.el9 | |
| Status | POST | MODIFIED | ||
| Jiri Kortus | 2023-06-09 14:43:07 UTC | CC | jikortus | |
| errata-xmlrpc | 2023-06-09 14:45:46 UTC | Status | MODIFIED | ON_QA |
| Jan Stodola | 2023-06-13 11:35:25 UTC | Doc Text | .Installer crashes in the FIPS mode while creating LUKS devices with short passphrase The minimal length of a passphrase used for LUKS devices is 8 bytes when the system is running in the FIPS mode. As a consequence, when creating a LUKS device with a passphrase shorter than 8 bytes and installation running in FIPS mode, the installer crashes. To work around this problem, use a LUKS passphrase that is at least 8 bytes long. As a result, the installer does not crash when creating LUKS devices in FIPS mode. Some characters take more than one byte to encode, therefore you can use less than 8 characters in some cases, depending on the characters used. A passphrase with at least 8 characters works in all cases. | The installer now requires to use a passphrase with at least 8 characters for encrypted disk devices when the installation is running in FIPS mode. |
| Flags | needinfo?(vslavik) needinfo?(sdubewar) | |||
| Doc Type | Known Issue | Release Note | ||
| Jan Stodola | 2023-06-13 11:36:09 UTC | Status | ON_QA | VERIFIED |
| Vladimír Slávik | 2023-06-13 16:17:20 UTC | Flags | needinfo?(vslavik) | |
| Jan Stodola | 2023-06-14 07:44:39 UTC | Doc Text | The installer now requires to use a passphrase with at least 8 characters for encrypted disk devices when the installation is running in FIPS mode. | Previously, anaconda did not check if the length of LUKS passphrases satisfies the FIPS requirements, while the underlying tools did perform this check. As a consequence, installing in FIPS mode with too weak LUKS passphrase caused the installer to terminate prematurely. The installer has been extended to detect this situation and enforce the passphrase minimal length. As a result, the installer informs users about too weak LUKS passphrases in FIPS mode instead of unexpected termination. Note that while the underlying requirement is for a passphrase minimal length of 8 bytes, the installer enforces the passphrase length as 8 characters in the UTF-8 encoding. This makes the rule even more strict. |
| Sagar Dubewar | 2023-06-14 07:53:16 UTC | Doc Text | Previously, anaconda did not check if the length of LUKS passphrases satisfies the FIPS requirements, while the underlying tools did perform this check. As a consequence, installing in FIPS mode with too weak LUKS passphrase caused the installer to terminate prematurely. The installer has been extended to detect this situation and enforce the passphrase minimal length. As a result, the installer informs users about too weak LUKS passphrases in FIPS mode instead of unexpected termination. Note that while the underlying requirement is for a passphrase minimal length of 8 bytes, the installer enforces the passphrase length as 8 characters in the UTF-8 encoding. This makes the rule even more strict. | The installer now requires to use a passphrase with at least 8 characters for encrypted disk devices when the installation is running in FIPS mode. |
| Flags | needinfo?(sdubewar) | needinfo?(jstodola) | ||
| Gabi Fialová | 2023-06-19 13:18:17 UTC | Doc Type | Release Note | Known Issue |
| CC | gfialova | |||
| Jan Stodola | 2023-06-22 10:45:23 UTC | Flags | needinfo?(jstodola) | |
| Sagar Dubewar | 2023-07-05 07:56:14 UTC | Doc Text | The installer now requires to use a passphrase with at least 8 characters for encrypted disk devices when the installation is running in FIPS mode. | .Anaconda now validates LUKS passphrases for the FIPS requirements Previously, Anaconda did not check if the length of LUKS passphrases satisfies the FIPS requirements, while the underlying tools performed this check. As a consequence, installing in FIPS mode with a passphrase shorter than 8 characters caused the installer to terminate prematurely. With this update, the installer has been improved to validate and enforce the minimum length for passphrase. As a result, the installer informs if the LUKS passphrase is too short for use in the FIPS mode and prevents the unexpected termination. |
| Doc Type | Known Issue | Bug Fix |
Back to bug 2163497