Description of problem:
When installing a system in FIPS mode and creating LUKS devices, the installer creates LUKS devices having the argon2i key derivation function. pbkdf2 should be used instead in FIPS mode (see bug 1584710).

Version-Release number of selected component (if applicable):
cryptsetup-2.3.7-5.el8 from RHEL-8.8, but the same problem exists since RHEL-8.0 (cryptsetup-2.0.6-1.el8.x86_64.rpm)

How reproducible:
Always

Steps to Reproduce:
1. Start the installation in FIPS mode (with "fips=1" on the kernel cmdline)
2. Let anaconda create an encrypted partition
3. Check the created encrypted partition

Actual results:
[anaconda root@localhost ~]# cryptsetup luksDump /dev/vda2
LUKS header information
Version:        2
Epoch:          3
Metadata area:  16384 [bytes]
Keyslots area:  16744448 [bytes]
UUID:           3f8d5702-92fd-4c85-80c2-341b292610c6
Label:          (no label)
Subsystem:      (no subsystem)
Flags:          (no flags)

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64
        sector: 512 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      argon2i
        Time cost:  4
        Memory:     1048576
        Threads:    2
...

Expected results:
PBKDF:      pbkdf2

Additional info:
* There is no /etc/system-fips in the installation environment in FIPS mode.
* Manually creating an empty /etc/system-fips file in the installation environment is a workaround for the installer to create LUKS devices with pbkdf2.
* The same problem exists in the installation environment when running cryptsetup manually, like cryptsetup luksFormat $device.
* This is not a problem on the installed system, since /etc/system-fips exists there in FIPS mode.
After the installation it can be fixed by running the following command:

cryptsetup luksConvertKey -S<keyslot_id> /dev/vda2

The command above will change the pbkdf parameters to the appropriate default values (pbkdf2 function, targeting 2 seconds unlock time if the system runs in FIPS mode) for the keyslot identified by <keyslot_id>. The keyslot binary area is overwritten with new data containing the same volume key, but it will be protected by a new KEK derived from the passphrase using the pbkdf2 function.
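As an added example (not part of this bug report, of anaconda, or of cryptsetup itself): a POSIX shell helper that audits `cryptsetup luksDump` output for keyslots whose PBKDF is not pbkdf2, which is the check an administrator would run on a FIPS system installed before this was fixed, and prints the matching `luksConvertKey` command for each affected slot. The dump text is a constructed sample modelled on the header above, with an extra pbkdf2 slot added so both outcomes are exercised; `non_fips_keyslots`, `fips_fix_commands` and `fips_marker_mismatch` are names chosen here, and `/dev/vda2` is only the device path from the report. The generated commands pass `--pbkdf pbkdf2` explicitly (a real cryptsetup option) rather than relying on the FIPS default, so the conversion does not depend on /etc/system-fips being detected, which is exactly what went wrong in the installer environment.

```shell
#!/bin/sh
# Constructed sample of `cryptsetup luksDump` output (abridged); not captured
# from any real device. Slot 0 mirrors the bug report, slot 1 is already FIPS-safe.
SAMPLE_DUMP='LUKS header information
Version:        2
Epoch:          3
UUID:           3f8d5702-92fd-4c85-80c2-341b292610c6

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        cipher: aes-xts-plain64

Keyslots:
  0: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
        PBKDF:      argon2i
        Time cost:  4
        Memory:     1048576
        Threads:    2
  1: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
        PBKDF:      pbkdf2
        Hash:       sha256
        Iterations: 1000000

Tokens:
'

# Read luksDump text on stdin; print "<slot> <pbkdf>" for every keyslot whose
# key derivation function is not pbkdf2 (the only one acceptable in FIPS mode).
non_fips_keyslots() {
    awk '
        # Unindented lines are section headers; track whether we are in Keyslots.
        /^[^ \t]/ { in_slots = ($0 ~ /^Keyslots:/); next }
        # "  0: luks2" opens a keyslot; remember its number.
        in_slots && /^[ \t]+[0-9]+:/ { slot = $1; sub(/:$/, "", slot); next }
        in_slots && $1 == "PBKDF:" { if ($2 != "pbkdf2") print slot, $2 }
    '
}

# Read luksDump text on stdin; emit one remediation command per affected slot
# for the given device. Each command rewrites the keyslot with the same volume
# key but a pbkdf2-derived KEK, as the comment above describes for luksConvertKey.
fips_fix_commands() {
    dev=$1
    non_fips_keyslots | while read -r slot pbkdf; do
        printf 'cryptsetup luksConvertKey --key-slot %s --pbkdf pbkdf2 %s   # currently %s\n' \
            "$slot" "$dev" "$pbkdf"
    done
}

# Reproduce the installer-side condition from the report: kernel in FIPS mode
# while the /etc/system-fips marker cryptsetup looks for is absent. Returns 0
# when that mismatch is present on the running system.
fips_marker_mismatch() {
    enabled=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null || echo 0)
    [ "$enabled" = "1" ] && [ ! -e /etc/system-fips ]
}

# Stand-alone run: audit the constructed sample as if it were /dev/vda2.
# On a real system replace the sample with: cryptsetup luksDump /dev/vda2 | fips_fix_commands /dev/vda2
printf '%s' "$SAMPLE_DUMP" | fips_fix_commands /dev/vda2
if fips_marker_mismatch; then
    echo "warning: kernel FIPS mode is on but /etc/system-fips is missing; cryptsetup will default to argon2i"
fi
```

Usage on an installed system: `cryptsetup luksDump "$dev" | fips_fix_commands "$dev"` prints the commands without executing them, so the output can be reviewed before any keyslot is rewritten; each conversion still prompts for the slot's passphrase.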