Hello, I have added a new option to clevis that allows the user to determine via an environment variable if they wish to enable FIPS compatibility or not. Sadly, on jammy there is no '/proc/sys/crypto/fips_enabled' directory like on focal to check if the system is meant to run in FIPS mode, so I took inspiration from OpenSSL, which allows the user to use OPENSSL_FORCE_FIPS_MODE=1 to enable FIPS mode. I named the variable CLEVIS_FORCE_FIPS_MODE, and when set to 1 it will switch clevis to use pbkdf2. I have run tests where I locked and unlocked the drive with and without this command, as well as locking the drive with it and trying to unlock without it.
Let me know what you think! I will also update the test plan to reflect the new env variable.

** Patch added: "jammy.debdiff"
   https://bugs.launchpad.net/ubuntu/jammy/+source/clevis/+bug/2073429/+attachment/5838575/+files/jammy.debdiff

--
https://bugs.launchpad.net/bugs/2073429

Title:
  Jammy clevis forces argon2id for keyslots
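One way to check which PBKDF each keyslot ended up with after binding with and without CLEVIS_FORCE_FIPS_MODE=1, as an added example that is not part of the original comment, the debdiff or clevis itself. It assumes the LUKS2 header JSON comes from `cryptsetup luksDump --dump-json-metadata <device>`; the sample metadata and the function names are constructed for illustration.

```python
import json

# PBKDF2 is the FIPS-approved password KDF; the Argon2 variants are not.
FIPS_OK_KDFS = {"pbkdf2"}

# Constructed sample, trimmed to the fields used, in the shape printed by
# `cryptsetup luksDump --dump-json-metadata <device>`.
SAMPLE_METADATA = """
{
  "keyslots": {
    "0": {"type": "luks2", "kdf": {"type": "argon2id", "time": 4, "memory": 1048576}},
    "1": {"type": "luks2", "kdf": {"type": "pbkdf2", "hash": "sha256", "iterations": 1000000}},
    "2": {"type": "luks2", "kdf": {"type": "argon2id", "time": 4, "memory": 1048576}}
  },
  "tokens": {
    "0": {"type": "clevis", "keyslots": ["1"]},
    "1": {"type": "clevis", "keyslots": ["2"]}
  }
}
"""


def audit_keyslots(metadata_json):
    """Return one record per keyslot: KDF, owning token types, FIPS verdict."""
    meta = json.loads(metadata_json)
    owners = {}
    for token in meta.get("tokens", {}).values():
        for slot in token.get("keyslots", []):
            owners.setdefault(slot, []).append(token.get("type", "unknown"))
    report = []
    for slot in sorted(meta.get("keyslots", {}), key=int):
        kdf = meta["keyslots"][slot].get("kdf", {}).get("type", "missing")
        report.append({"slot": int(slot), "kdf": kdf,
                       "tokens": owners.get(slot, []),
                       "fips_ok": kdf in FIPS_OK_KDFS})
    return report


def failing_slots(report, token_type=None):
    """Slots with a non-approved KDF, optionally only those owned by token_type."""
    return [r["slot"] for r in report
            if not r["fips_ok"] and (token_type is None or token_type in r["tokens"])]


if __name__ == "__main__":
    for record in audit_keyslots(SAMPLE_METADATA):
        print(record)
```

In the constructed sample, slot 1 stands for a binding made with the variable set and slot 2 for one made without it; slot 0 is a passphrase slot with no token.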