This is a request for a feature freeze exception to include FIPS into the ubuntu-advantage-tool package.
This will allow UA customers to use the ubuntu-advantage script to do the following
when "ubuntu-advantage enable-fips <token>" is issued from commandline,
- configure the private PPA where the FIPS modules are located
- install the FIPS modules from this PPA to the local machine from where the script is run
- configure the bootloader to enable fips
Upon successful completion of these steps, the customer then gets a message stating to reboot
the machine to complete the fips enablement process.
Without the script, customers must perform the steps manually.
The following fips packages are installed:
linux-fips, fips-initramfs (fips kernel)
openssl, libssl1.0.0, libssl1.0.0-hmac
openssh-server, openssh-server-hmac
openssh-client, openssh-client-hmac
strongswan, strongswan-hmac
The patchset to include fips into ubuntu-advantage-tools includes
- additional code to script to support "enable-fips" option/flag
- additional code to script to support "is-fips-enabled" which reports if fips is
enabled or not
- additional code to support "status" for fips
- addition to man page
- additional testcases for fips
- the fips private ppa keyring
**NOTE: The enable-fips component of the script will only work/run on xenial. FIPS modules are currently certified for xenial only. The intention is to upload to artful (althought doesn't enable fips on artful) in preparation for a xenial SRU.
changelog diff:
https:/
PPA with daily builds:
A PPA setup with daily builds from a github mirror using a launchpad recipe: https:/