Bug 1760938
Summary: | Integrate FIPS compliancy changes for libtpms | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux Advanced Virtualization | Reporter: | John Ferlan <jferlan> |
Component: | libtpms | Assignee: | Marc-Andre Lureau <marcandre.lureau> |
Status: | CLOSED ERRATA | QA Contact: | Qinghua Cheng <qcheng> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 8.1 | CC: | coli, ddepaula, jinzhao, juzhang, knoel, marcandre.lureau, mtessun, yanqzhan |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | 8.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | libtpms-0.7.0-1.20191018gitdc116933b7.module+el8.2.0+4673+ff4b3b61 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-05-05 09:50:34 UTC | Type: | Feature Request |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
John Ferlan
2019-10-11 18:48:49 UTC
I updated dist-git libtpms package to 0.7.0-1.20191018gitdc116933b7, which has all the known FIPS-required changes known so far. Danilo, is it part of the rhel av 8.1.1 module already? curl -s "https://mbs.engineering.redhat.com/module-build-service/1/module-builds/?name=virt&stream=8.1&state=5&base_module_br_stream=el8.1.1" | grep libtpms "nvr": "libtpms-0.7.0-1.20191018gitdc116933b7.module+el8.1.1+4465+eb77c0ac" So yes And, for the record, 8.2 as well: libtpms-0.7.0-1.20191018gitdc116933b7.module+el8.2.0+4673+ff4b3b61 Danilo, you will take care of adding to errata and moving to MODIFIED? rather ONQA BZ already part of the errata, cleaning the request. Hi Marc-Andre, To my understanding of this bug, it is a crypto function changes in libtpms. Is there any suggested tests or any use cases that I can use to verify this bug? Or execute vtpm function tests is ok to verify it ? Thanks, Qinghua Cheng Nothing special can be tested, it is some internal crypto functions that have been replaced with OpenSSL, and it's an on-going effort. (see upstream bug https://github.com/stefanberger/libtpms/issues/51) Libvirt QE and qume QE tested on Linux and Windows guests. No regression bug found. Change the status to verified. Linux test is PASS, results: https://libvirt-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/libvirt-RHEL-8.2-runtest-x86_64-function-tpm_emulator/4/testReport/ Window guest test result is PASS. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2017 |