Chris, what you're describing is out of scope of this Launchpad issue. It is purely to address the invalid alg selected when running in FIPS mode. What you're describing is likely a result of the HMAC implementation of tpm2-tools's tpm2-tss, likely described here:
https://github.com/tpm2-software/tpm2-tss/issues/2889

Regarding the STIG comment, FedRAMP compliance is measured as a level of effort, and exceptions are frequently made that stretch compliance for the sake of practicality (22.04 no longer `requiring` strict FIPS certification is a good example of this). If you look at Matthew's comment (followed by the maintainer's reply), the key bit failure is relatively meaningless in this situation. Whether tpm2-tools will be changed to `fix` or mitigate this in existing releases is still up in the air. It is in place upstream now, however.

** Bug watch added: github.com/tpm2-software/tpm2-tss/issues #2889
   https://github.com/tpm2-software/tpm2-tss/issues/2889

--
https://bugs.launchpad.net/bugs/2073429

Title:
  Jammy clevis forces argon2id for keyslots