Bug 2208049
| Summary: | DISA STIG should not require rngd.service on RHEL >= 8.4 (was: rngd.service fails to start with fips enabled) | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Scott Lee <scott.lee> |
| Component: | scap-security-guide | Assignee: | Vojtech Polasek <vpolasek> |
| Status: | NEW --- | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 8.8 | CC: | cllang, ggasparb, mhaicman, mlysonek, rmetrich, vdronov, wsato |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Yes, this is not a bug but a feature. It was decided rngd should not run in FIPS mode. See bz2154804 for the reason and details. In short, another entropy source is used in FIPS mode and rngd cannot seed it. I.e. rngd can run in FIPS mode, but it won't do anything useful. So "ConditionKernelCommandLine=" was added so that rngd does not run in FIPS mode.

This doesn't make much sense to me since STIG enforces running rngd, see https://www.stigviewer.com/stig/red_hat_enterprise_linux_8/2021-03-04/finding/V-230285

Additionally, from my understanding, the service is disabled on FIPS because jitterentropy cannot be used. If so, this doesn't make sense to me either, since it's not because one source cannot be used that the other ones (pkcs11, etc.) should be disabled as well. Since by default all other sources but jitterentropy are excluded, probably the way to fix this is to enable some sources when FIPS is enabled.

Please clarify all this.

My assumption is that this STIG rule is outdated and does not apply to RHEL8 since RHEL-8.3. This is the release in which random generation was switched from using /dev/urandom to an in-kernel DRBG in FIPS mode, exactly for the reason that /dev/urandom does not meet 800-90A requirements (bz1785660).

> If so, this doesn't make sense to me either, since it's not because one source cannot be used that the other ones (pkcs11, etc.) should be disabled as well.
> Since by default all other sources but jitterentropy are excluded, probably the way to fix this is to enable some sources when FIPS is enabled.

I believe there is a little miswording in bz2154804. Please read "in-kernel DRBG" instead of "jitterentropy source". So, all the entropy sources (jitterentropy, pkcs11, etc.) are excluded by disabling the "rngd" service, exactly for the reason that the "rngd" service fills up the /dev/urandom pool, but not the in-kernel DRBG which is used in FIPS mode. I.e. rngd can run in FIPS mode, but it won't do anything useful.

Crystal clear now, thanks a lot!

A couple of additions, if I may, please.

1) The in-kernel DRBG was added in FIPS mode exactly because /dev/urandom does not meet 800-90A requirements and the DRBG mentioned meets these requirements.

2) On a second look, the STIG requirement you've mentioned says nothing about FIPS mode. So it still holds true for RHEL8 not in FIPS mode. And the "rngd" service runs fine in non-FIPS mode.

The RHEL 8.8 kernel will be certified according to FIPS 140-3. The Entropy Certificates for that are already available. For the kernel see https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/8 and its public use document https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/entropy/E8_PublicUse.pdf; for the user space see https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/47 and its public use document https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/entropy/E47_PublicUse.pdf. Because OpenSSL uses a different construction for its DRBG, there's also a separate entropy certificate and public use document for that, but that's out of scope since you're asking for the kernel interface.

I believe STIG is always combined with FIPS mode, so the STIG requirements imply having FIPS mode enabled. However, this particular STIG requirement is outdated and should be updated.

Reassigning this to scap-security-guide, since more and more customer cases are being attached. Can the security compliance team please propose to DISA to relax this rule on RHEL >= 8.4? The rationale is that on 8.4 and above, we use the jitterentropy source, which cannot be seeded by rngd.service, nor does it need to be. For this reason bug 2154804 eventually disabled rngd.service in FIPS mode.

For more details on the entropy source, you can reference the public use document for RHEL 8.6 (https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/entropy/E8_PublicUse.pdf) and its CMVP entropy certificate (https://csrc.nist.gov/projects/cryptographic-module-validation-program/entropy-validations/certificate/8).
Description of problem:
rngd.service fails to start with fips enabled

Version-Release number of selected component (if applicable):
RHEL8.8
rng-tools 6.15-3.el8

How reproducible:

```
# fips-mode-setup --check
FIPS mode is enabled.
# systemctl restart rngd.service
# systemctl status rngd.service
● rngd.service - Hardware RNG Entropy Gatherer Daemon
   Loaded: loaded (/usr/lib/systemd/system/rngd.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Wed 2023-05-17 19:22:15 UTC; 6min ago
Condition: start condition failed at Wed 2023-05-17 19:28:26 UTC; 2s ago
           └─ ConditionKernelCommandLine=!fips=1 was not met
 Main PID: 231 (code=exited, status=0/SUCCESS)

May 17 19:22:05 localhost rngd[231]: [rdrand]: Enabling RDRAND rng support
May 17 19:22:05 localhost rngd[231]: [rdrand]: Initialized
May 17 19:22:05 localhost rngd[231]: [jitter]: JITTER timeout set to 5 sec
May 17 19:22:05 localhost rngd[231]: [jitter]: Initializing AES buffer
May 17 19:22:09 localhost rngd[231]: [jitter]: Unable to obtain AES key, disabling JITTER source
May 17 19:22:09 localhost rngd[231]: [jitter]: Initialization Failed
May 17 19:22:15 localhost rngd[231]: [rdrand]: Shutting down
May 17 19:22:15 localhost systemd[1]: Stopping Hardware RNG Entropy Gatherer Daemon...
May 17 19:22:15 localhost systemd[1]: rngd.service: Succeeded.
May 17 19:22:15 localhost systemd[1]: Stopped Hardware RNG Entropy Gatherer Daemon.
```

Steps to Reproduce:

1. Check and enable fips and reboot

```
# fips-mode-setup --check
Installation of FIPS modules is not completed.
FIPS mode is disabled.
# fips-mode-setup --enable
Kernel initramdisks are being regenerated. This might take some time.
Setting system policy to FIPS
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.

FIPS mode will be enabled.
Please reboot the system for the setting to take effect.
# shutdown -r now
```

2. Check that fips mode is enabled after the reboot

```
# fips-mode-setup --check
FIPS mode is enabled.
```

3. Install rng-tools

```
# dnf install rng-tools
```

4. Start rngd.service

```
# systemctl start rngd.service
```

5. Check the status of rngd.service

```
# systemctl status rngd.service
● rngd.service - Hardware RNG Entropy Gatherer Daemon
   Loaded: loaded (/usr/lib/systemd/system/rngd.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Wed 2023-05-17 19:22:15 UTC; 6min ago
Condition: start condition failed at Wed 2023-05-17 19:28:26 UTC; 2s ago
           └─ ConditionKernelCommandLine=!fips=1 was not met
 Main PID: 231 (code=exited, status=0/SUCCESS)

May 17 19:22:05 localhost rngd[231]: [rdrand]: Enabling RDRAND rng support
May 17 19:22:05 localhost rngd[231]: [rdrand]: Initialized
May 17 19:22:05 localhost rngd[231]: [jitter]: JITTER timeout set to 5 sec
May 17 19:22:05 localhost rngd[231]: [jitter]: Initializing AES buffer
May 17 19:22:09 localhost rngd[231]: [jitter]: Unable to obtain AES key, disabling JITTER source
May 17 19:22:09 localhost rngd[231]: [jitter]: Initialization Failed
May 17 19:22:15 localhost rngd[231]: [rdrand]: Shutting down
May 17 19:22:15 localhost systemd[1]: Stopping Hardware RNG Entropy Gatherer Daemon...
May 17 19:22:15 localhost systemd[1]: rngd.service: Succeeded.
May 17 19:22:15 localhost systemd[1]: Stopped Hardware RNG Entropy Gatherer Daemon.
```

Actual results:
rngd.service fails to start when fips is enabled

Expected results:
rngd.service starts normally with fips enabled

Additional info:
I've noticed a new condition, "ConditionKernelCommandLine=!fips=1", added to the "/usr/lib/systemd/system/rngd.service" file. If I remove that line from the file then the service starts normally. Is there a reason that this condition was added for fips?
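The report above hinges on how systemd evaluates `ConditionKernelCommandLine=!fips=1`. As an added illustration (not code from rng-tools, systemd, scap-security-guide or anyone in this thread), the following Python reimplements the matching rule systemd documents for `ConditionKernelCommandLine=` (a bare word matches either as-is or as the key of a `key=value` argument; a `key=value` argument matches only as that exact assignment; a leading `!` negates), evaluates the rngd unit's condition against constructed kernel command lines, and extracts the unmet condition from the `systemctl status` text quoted in the report. The `classify_rngd_state` helper and the sample command lines are my own assumptions, following the reasoning in this thread (rngd is suppressed by design under fips=1; an inactive rngd outside FIPS mode is still a finding) rather than any published DISA guidance.

```python
"""Evaluate systemd's ConditionKernelCommandLine= the way the rngd unit uses it.

Added example for this bug report; not part of systemd, rng-tools or the
scap-security-guide code. The matching rule follows systemd.unit(5):
  - a single word matches if it appears as-is on the command line, or as the
    left-hand side of a key=value assignment;
  - an argument containing '=' matches only as that exact assignment;
  - a leading '!' negates the result.
"""
import re

# Constructed sample command lines (assumption); on a real host read
# /proc/cmdline instead of using these strings.
CMDLINE_FIPS = (
    "BOOT_IMAGE=(hd0,gpt2)/vmlinuz-4.18.0 root=/dev/mapper/rhel-root ro "
    "crashkernel=auto fips=1 boot=UUID=0000-0000"
)
CMDLINE_NOFIPS = (
    "BOOT_IMAGE=(hd0,gpt2)/vmlinuz-4.18.0 root=/dev/mapper/rhel-root ro "
    "crashkernel=auto"
)

# The condition the reporter found in /usr/lib/systemd/system/rngd.service.
RNGD_CONDITION = "ConditionKernelCommandLine=!fips=1"

# Excerpt of the `systemctl status rngd.service` output quoted in the report.
SAMPLE_STATUS = """\
● rngd.service - Hardware RNG Entropy Gatherer Daemon
   Loaded: loaded (/usr/lib/systemd/system/rngd.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Wed 2023-05-17 19:22:15 UTC; 6min ago
Condition: start condition failed at Wed 2023-05-17 19:28:26 UTC; 2s ago
           └─ ConditionKernelCommandLine=!fips=1 was not met
 Main PID: 231 (code=exited, status=0/SUCCESS)
"""

_UNMET_RE = re.compile(r"└─\s*(Condition\S+) was not met")


def kernel_cmdline_has(cmdline: str, wanted: str) -> bool:
    """True if 'wanted' is present on 'cmdline' under systemd's matching rule."""
    words = cmdline.split()
    if "=" in wanted:
        # key=value form: the exact assignment must appear verbatim.
        return wanted in words
    # bare word: matches the word itself or the key of any assignment
    return any(w == wanted or w.split("=", 1)[0] == wanted for w in words)


def evaluate_condition(directive: str, cmdline: str) -> bool:
    """Parse 'ConditionKernelCommandLine=[!]arg' and say whether it is met."""
    key, _, arg = directive.partition("=")
    if key != "ConditionKernelCommandLine" or not arg:
        raise ValueError(f"unsupported directive: {directive!r}")
    negate = arg.startswith("!")
    if negate:
        arg = arg[1:]
    present = kernel_cmdline_has(cmdline, arg)
    return (not present) if negate else present


def unmet_conditions(status_output: str) -> list:
    """Return the condition directives `systemctl status` reports as unmet."""
    return _UNMET_RE.findall(status_output)


def classify_rngd_state(cmdline: str, rngd_active: bool) -> str:
    """Classify rngd's state for a review of the STIG rngd requirement.

    Assumption (mine, derived from the thread): with fips=1 the unit is
    suppressed on purpose because the in-kernel DRBG is not fed by rngd;
    without FIPS an inactive rngd is a genuine finding.
    """
    fips = kernel_cmdline_has(cmdline, "fips=1")
    if rngd_active:
        if fips:
            return "rngd running in FIPS mode (no benefit to the in-kernel DRBG)"
        return "rngd running"
    if fips and not evaluate_condition(RNGD_CONDITION, cmdline):
        return "rngd inactive by design: ConditionKernelCommandLine=!fips=1 not met"
    return "FINDING: rngd inactive in non-FIPS mode"


if __name__ == "__main__":
    for label, cmdline in (("FIPS", CMDLINE_FIPS), ("non-FIPS", CMDLINE_NOFIPS)):
        met = evaluate_condition(RNGD_CONDITION, cmdline)
        print(f"{label}: condition met={met}; {classify_rngd_state(cmdline, met)}")
    print("unmet in sample status:", unmet_conditions(SAMPLE_STATUS))
```

The bare-word case matters for auditing: a command line carrying only `fips` (without `=1`) satisfies `ConditionKernelCommandLine=fips` but not `ConditionKernelCommandLine=fips=1`, so a compliance check that greps for the substring "fips" would disagree with what systemd actually does.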