Description of problem: The current libtpms for RHEL AV 8.1 is not FIPS compliant. In order to undergo a FIPS review, changes from upstream: https://github.com/stefanberger/libtpms/issues/51 will need to be backported/integrated.
I updated the dist-git libtpms package to 0.7.0-1.20191018gitdc116933b7, which has all the FIPS-required changes known so far. Danilo, is it part of the RHEL AV 8.1.1 module already?
curl -s "https://mbs.engineering.redhat.com/module-build-service/1/module-builds/?name=virt&stream=8.1&state=5&base_module_br_stream=el8.1.1" | grep libtpms
"nvr": "libtpms-0.7.0-1.20191018gitdc116933b7.module+el8.1.1+4465+eb77c0ac"
So yes. And, for the record, 8.2 as well: libtpms-0.7.0-1.20191018gitdc116933b7.module+el8.2.0+4673+ff4b3b61
Danilo, you will take care of adding to errata and moving to MODIFIED?
rather ONQA
BZ already part of the errata, cleaning the request.
Hi Marc-Andre, To my understanding of this bug, it is a change to crypto functions in libtpms. Are there any suggested tests or use cases that I can use to verify this bug? Or is executing vtpm function tests OK to verify it? Thanks, Qinghua Cheng
Nothing special can be tested, it is some internal crypto functions that have been replaced with OpenSSL, and it's an on-going effort. (see upstream bug https://github.com/stefanberger/libtpms/issues/51)
Libvirt QE and qemu QE tested on Linux and Windows guests. No regression bug found. Changing the status to verified. Linux test is PASS, results: https://libvirt-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/libvirt-RHEL-8.2-runtest-x86_64-function-tpm_emulator/4/testReport/ Windows guest test result is PASS.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2017