While in the process of hardening a new Ubuntu installation, I performed the basic steps of enabling FIPS as described here. After rebooting, I found that /proc/sys/crypto didn't exist. Oddly, sudo ua status
shows that fips-updates is enabled.
After troubleshooting, I ended up checking GRUB and found there were the following entries
- Ubuntu, with Linux 5.14.0-1054-oem
- Ubuntu, with Linux 5.14.0-1054-oem (recovery mode)
- Ubuntu, with Linux 5.14.0-1054-fips
- Ubuntu, with Linux 5.14.0-1054-fips (recovery mode)
When I try the fips version, the screen ends up going blank except for a blinking cursor at the top left. After a while, I get the following error
[ 66.724025] hdaudio hdaudioCOD2: Unable to bind the codec.
and then it's hung. If I try the fips (recovery mode) version, I can enter a root shell and see that /proc/sys/crypto/fip_enabled exists, but it's set to 0.
Two questions.
Should a separate fips version have been created? The text of the above link doesn't mention that.
How can I fix the hdaudio problem?
If it helps, I originally chose the sudo ua enable fips
option and had the problem of /proc/sys/crypto not existing. So I next did sudo ua enable fips-updates
.
The computer is a Dell Inspiron 3015.