2164847 – [RFE] Ability to disable non-etm MACs

Bug 2164847 - [RFE] Ability to disable non-etm MACs

Summary: [RFE] Ability to disable non-etm MACs

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	crypto-policies
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Crypto Team
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2138540 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-01-26 16:16 UTC by Ravindra Patil
Modified:	2023-11-16 19:17 UTC (History)
CC List:	10 users (show)
Fixed In Version:	crypto-policies-20231108-1.gitd5877b3.fc40 crypto-policies-20231113-1.gitb402e82.fc39
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-11-08 13:58:28 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Gitlab	redhat-crypto fedora-crypto-policies issues 40	0	None	opened	Can't disable non-EtM MACs	2023-01-31 10:56:50 UTC
Red Hat Issue Tracker	FC-814	0	None	None	None	2023-04-25 13:22:06 UTC

Comment 2 xspielinbox+redhat 2023-01-30 22:04:31 UTC

This issue also exists in RHEL 9 and Fedora 37.
The lack of this feature currently prevents me from using the system-wide crypto-policies.

However, I think that a system-wide crypto-policy is great and strongly needed and therefore would be very happy, if this could get resolved.
How could one potentially help with that?

Comment 3 Alexander Sosedkin 2023-01-31 10:56:33 UTC

(replied in upstream discussion in order to keep the discussion in one place: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/issues/40)

Comment 4 Alexander Sosedkin 2023-03-28 13:16:20 UTC

*** Bug 2138540 has been marked as a duplicate of this bug. ***

Comment 5 Alexander Sosedkin 2023-04-25 13:20:05 UTC

Converting to Fedora bug, because I do want to address this request one day, but I don't have a clear way forward, and whatever the solution will be, it's unlikely to be ported to even RHEL-9 at this point, let alone 8. For them, opting out of crypto-policies is the supported solution.

Comment 8 Fedora Update System 2023-11-07 16:58:35 UTC

FEDORA-2023-01ef62eefb has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-01ef62eefb

Comment 9 xspielinbox+redhat 2023-11-07 22:08:10 UTC

Awesome that it finally made it! Thank you very much!

Is there any chance that this will also make it into Fedora 39?

Comment 10 Clemens Lang 2023-11-08 08:13:36 UTC

It will, but there is a small usability bug in this build, which we want to fix first before backporting it to F39.

Comment 11 Fedora Update System 2023-11-08 12:28:10 UTC

FEDORA-2023-9b4f4d2817 has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2023-9b4f4d2817

Comment 12 Fedora Update System 2023-11-08 13:58:28 UTC

FEDORA-2023-9b4f4d2817 has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 13 Fedora Update System 2023-11-09 16:32:49 UTC

FEDORA-2023-c221a7efca has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-c221a7efca

Comment 14 xspielinbox+redhat 2023-11-12 13:34:41 UTC

Ok, thank you for your work on backporting it.

This bug has already been closed as "ERRATA", but there is no update in the update or even updates-testing repos of Fedora Linux 39 yet. I see that there seem to be some issues with the proposed backport. Can one help with fixing this?

Comment 15 Clemens Lang 2023-11-13 09:47:41 UTC

I will fix those, but only when all the issues found during QA are fixed. Please remain patient.

This bug is correctly closed, because it is fixed in rawhide.

Comment 16 Fedora Update System 2023-11-13 15:41:03 UTC

FEDORA-2023-1e08f24c96 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-1e08f24c96

Comment 17 Fedora Update System 2023-11-14 03:21:55 UTC

FEDORA-2023-1e08f24c96 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-1e08f24c96`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-1e08f24c96

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 18 Fedora Update System 2023-11-16 02:36:21 UTC

FEDORA-2023-1e08f24c96 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 19 xspielinbox+redhat 2023-11-16 19:17:39 UTC

Thank you!

works perfectly!

Note You need to log in before you can comment on or make changes to this bug.