Ubuntu FIPS 140-2 Modules FAQ
Does Ubuntu contain FIPS 140-2 validated modules?
Yes, Ubuntu LTS releases come with FIPS 140-2 validated modules as part of the Ubuntu Advantage subscription. See the main FIPS 140 page for more information.
How do I enable FIPS 140 on an Ubuntu LTS release?
By default Ubuntu does not contain FIPS validated packages. To enable FIPS and install the validated packages run:
- ua enable fips-updates: enables the validated packages while still receiving regular security updates.
- ua enable fips: installs the FIPS validated packages. These will not be updated until the next recertification.
Can I use livepatch to update or patch Ubuntu’s FIPS kernel?
A system which is set to fips mode is not livepatched. Systems that use fips-updates can be livepatched.
How do I develop a Linux application that complies with FIPS 140?
The FIPS 140-2 certified modules are designed to be a drop-in replacement for the validated packages. Note that FIPS 140-2 does not allow algorithms that are legacy or outside the standard, so they are not available when FIPS is enabled. Applications that try to access these algorithms from FIPS crypto modules such as libcrypto or the kernel cryptoapi may fail. Consult the Security Policy for the various FIPS modules to see what is and isn’t allowed, in addition to our instructions for developing with FIPS.
How do I get debug packages for FIPS?
Please open a ticket with Canonical Support to obtain the FIPS Debug Symbols packages.
Are the FIPS modules a drop in replacement?
Yes, the FIPS 140-2 certified modules are designed to be a drop in replacement.
Can I use openvpn on my FIPS 140-2 enabled system?
OpenVPN prior to version 2.4 uses MD5 for its internal hash algorithm and for the TLS PRF. FIPS 140-2 permits MD5 for the PRF. However, openvpn must convey to the FIPS openssl module that MD5 is acceptable for the PRF, and currently it doesn’t.
Canonical has provided a fix so that openvpn tells the FIPS openssl module to use MD5 for the PRF, since FIPS 140-2 currently allows this. The openvpn package on xenial must be updated to 2.3.10-1ubuntu2.2 to acquire this fix.
How do I get the source?
In the “/etc/apt/sources.list.d/” directory, you will have:
- “ubuntu-fips-updates.list” after successfully running ua enable fips-updates on the system
- “ubuntu-fips.list” after successfully running ua enable fips on the system
In that file or those files, as applicable, ensure that the line starting with “deb-src” is uncommented by removing the "# " characters before “deb-src” in the line. For example, an uncommented line in /etc/apt/sources.list.d/ubuntu-fips.list for Bionic will appear like:
deb-src https://esm.ubuntu.com/fips/ubuntu bionic main
After those files are updated as applicable, run:
sudo apt update && sudo apt install dpkg-dev
Finally, download the source using the sudo apt-get source <package> command. Let’s say you want to get the source of the “openssl” package:
sudo apt source openssl
sudo is necessary in the last command, unlike most apt source commands, because it needs to read the permissioned repository key in /etc/apt/auth.conf.d/.
How do I see a changelog?
For the FIPS packages the changelogs are installed locally. For example, the libssl1.0.0 (openssl) package changelog is installed in the /usr/share/doc/libssl1.0.0 directory. To view it, use the following command:
apt changelog openssl
What applications are known to work?
- Postfix - Postfix links to libcrypto, and the default message digest algorithm used to construct remote SMTP server certificate fingerprints for TLS is MD5. The smtp_tls_fingerprint_digest and/or smtpd_tls_fingerprint_digest should be set to “sha1” in the postfix configuration file. See http://www.postfix.org/postconf.5.html#smtp_tls_fingerprint_digest and/or http://www.postfix.org/postconf.5.html#smtpd_tls_fingerprint_digest for additional information.
What applications are known to not work?
- OpenVPN prior to version 2.3.10-1ubuntu2.2 on xenial crashes. Update to 2.3.10-1ubuntu2.2 or later to acquire a fix.
What applications are known to not be FIPS Compliant?
These may work, but also won’t get the benefits from FIPS packages
Is FIPS applicable to both desktop and server?
Yes, with some caveats.
- Some applications do not use the system openssl so they will not get any benefits from a FIPS openssl (Firefox is the most obvious example)
- Other items in the desktop may use cryptography that has not been FIPS evaluated.
Can I use full disk encryption on a FIPS-enabled system?
On 18.04 and later: Yes, full disk encryption will work on a FIPS-enabled system. The libgcrypt20 package provides FIPS-certified full-disk encryption on a system that is running a FIPS-certified kernel. Both of these packages can be installed from the ubuntu-fips metapackage in the FIPS PPA.
On 16.04: Yes, but updates to libgcrypt and cryptsetup are needed to successfully use full disk encryption on a FIPS-enabled xenial system.
- cryptsetup version 2:1.6.6-5ubuntu2.1 or later
- libgcrypt version 1.6.5-2ubuntu0.4 or later
How do I tell if FIPS is enabled on my system?
If the content is a 1, then FIPS is enabled on the local system. Any FIPS modules will run in FIPS-mode on the system.
If the content is a 0, then FIPS is not enabled on the local system. Any FIPS modules on the system will not run in FIPS-mode.
How can I tell if FIPS packages are installed on my system?
dpkg -l | grep fips
How do you come up with the FIPS versions? Do they include CVEs?
The Ubuntu FIPS packages are forks of those in the Ubuntu archives with FIPS changes on top. Ubuntu CVE tracker shows the CVEs addressed by release for an archive source package. By using the base version of a FIPS package, the CVEs addressed in a FIPS package can be deduced.
Look into the changelog file, “/usr/share/doc/linux-headers-$(uname -r)/changelog.Debian.gz”, and find the archive package version used to fork. It will be in square brackets.
linux-fips (4.4.0-1005.5) xenial; urgency=medium
  * CVE-2017-5715 (Spectre v2 retpoline)
    - [Config] disable retpoline checks for first upload
  [ Ubuntu: 4.4.0-116.140 ]
All CVEs fixed in 4.4.0-116.140 or earlier are available in the FIPS version. The CVE status by release for the Ubuntu kernel package is here
FIPS userspace modules
FIPS userspace modules are versioned *.fips.x.y, where x is the Ubuntu version of the Debian package from which the fork occurred, and y is the number of iterations of the FIPS package.
For example, openssl, 1.0.2g-1ubuntu4.fips.4.15.1 is a fork of 1.0.2g-1ubuntu4.15. The fips package has only one iteration which is the set of fips patches applied after the fork from the archive. All CVEs fixed in 1.0.2g-1ubuntu4.15 or earlier will be available in the FIPS version.
You can check the Ubuntu CVE tracker to see all the CVEs tracked against OpenSSL.
You can also search on the status of a single CVE on the CVE tracker page.
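The deduction described above for both kernel and userspace FIPS packages, as an added shell example that is not Canonical's tooling. The function names are hypothetical, the rule that x restates the number after "ubuntu" is an assumption taken from the page's single openssl example, and the "fixed in" version used in the demo is constructed.

```shell
#!/bin/sh
# Added example (not Canonical's tooling): find the archive version a FIPS
# package was forked from, then test whether a CVE fix version is covered.

# Userspace scheme from the page: <prefix>.fips.<x>.<y>.
# Assumption drawn from the page's single example: x restates the number after
# "ubuntu" in the prefix (4 -> 4.15); anything else is rejected, not guessed.
fips_userspace_base() {
    ver=$1
    case $ver in
        *ubuntu*.fips.*.*) ;;
        *) return 1 ;;
    esac
    prefix=${ver%%.fips.*}          # 1.0.2g-1ubuntu4
    tail=${ver#*.fips.}             # 4.15.1
    x=${tail%.*}                    # 4.15 (y, the FIPS iteration, is dropped)
    n=${prefix##*ubuntu}            # 4
    case $x in
        "$n"|"$n".*) printf '%s%s\n' "${prefix%"$n"}" "$x" ;;
        *) return 1 ;;
    esac
}

# Kernel scheme: the changelog (on stdin) names the base in "[ Ubuntu: X ]";
# the first match is taken, assuming the newest entry is listed first.
kernel_base() {
    sed -n 's/.*\[ Ubuntu: \([^] ]*\) ].*/\1/p' | head -n 1
}

# True when a fix first shipped in archive version $1 is in a fork of base $2.
fix_included() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" le "$2"
    else
        # Fallback: approximates Debian ordering for simple versions only.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# Sample input: the changelog entry quoted on the page.
SAMPLE_CHANGELOG='linux-fips (4.4.0-1005.5) xenial; urgency=medium
  * CVE-2017-5715 (Spectre v2 retpoline)
    - [Config] disable retpoline checks for first upload
  [ Ubuntu: 4.4.0-116.140 ]'

fips_userspace_base 1.0.2g-1ubuntu4.fips.4.15.1
printf '%s\n' "$SAMPLE_CHANGELOG" | kernel_base
# 4.4.0-100.1 is a constructed "fixed in" version, not a tracker entry.
fix_included 4.4.0-100.1 4.4.0-116.140 && echo "fix is in the FIPS kernel"
```

On a real system, feed kernel_base the decompressed changelog from /usr/share/doc/linux-headers-$(uname -r)/changelog.Debian.gz and take the "fixed in" version from the Ubuntu CVE tracker.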
Why did SSH connections stop working with FIPS OpenSSH?
The key exchange algorithm diffie-hellman-group-exchange-sha256 in OpenSSH requires parameters that conform to FIPS guidelines. However, not every parameter in /etc/ssh/moduli does. We recommend removing /etc/ssh/moduli from the server if present.
Why did TLS connections stop working with Focal (20.04 LTS)'s FIPS OpenSSL?
Recent changes to the FIPS certification process have required that we comply with the new policies for TLS connections in NIST’s SP800-56A revision 3. One of these is a change in Diffie-Hellman (DH) group negotiation. Because the TLS protocol doesn’t support conveying the additional information required by NIST to verify the integrity of DH groups, we must limit connections to using existing pre-approved groups.
This means that any TLS server configured with custom DH group information (typically via a dhparam file) will not work.
There are two ways around this:
- Do not provide DH param files when configuring the server and/or do not use DH-based TLS cipher suites.
- Use an existing, well-known DH parameter instead (such as the one included below). The approved DH groups are from RFC 7919. Note that these groups must be encoded properly to be read by OpenSSL. The first method is generally preferred for all applications.
Note that this only affects DH and does not affect any of the ECDH(E) (Elliptic-Curve Diffie Hellman) cipher suites. In general, the industry has shifted towards preferring ECDHE over DH and it is strongly suggested to move systems to ECDHE when possible.
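To apply the first workaround you first need to know which services load a custom DH parameter file. The following audit helper is an added example, not part of the original FAQ; the function names and the sample configuration files are constructed, and the directive names are the upstream ones for nginx, Apache mod_ssl, Postfix, Dovecot and HAProxy.

```shell
#!/bin/sh
# Added example: list active settings that load a custom DH parameter file.
# Commented-out directives are ignored; which paths to scan is up to the caller.
find_custom_dh() {
    # $@: config files or directories. Prints file:line:text for each hit and
    # returns 0 when at least one active directive is found, 1 otherwise.
    grep -rnE \
        -e '^[[:space:]]*ssl_dhparam[[:space:]]' \
        -e '^[[:space:]]*SSLOpenSSLConfCmd[[:space:]]+DHParameters[[:space:]]' \
        -e '^[[:space:]]*smtpd_tls_dh[0-9]+_param_file[[:space:]]*=' \
        -e '^[[:space:]]*ssl_dh[[:space:]]*=' \
        -e '^[[:space:]]*ssl-dh-param-file[[:space:]]' \
        -- "$@"
}

# Constructed sample configs (hypothetical paths and contents).
make_sample_configs() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/nginx.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_dhparam /etc/nginx/custom-dh.pem;
    ssl_ciphers ECDHE+AESGCM:DHE+AESGCM;
}
EOF
    cat > "$dir/main.cf" <<'EOF'
smtpd_tls_dh1024_param_file = /etc/postfix/custom-dh.pem
EOF
    cat > "$dir/clean.conf" <<'EOF'
server {
    listen 443 ssl;
    # ssl_dhparam /etc/nginx/custom-dh.pem;
    ssl_ciphers ECDHE+AESGCM;
}
EOF
    printf '%s\n' "$dir"
}

dir=$(make_sample_configs)
find_custom_dh "$dir" || echo "no custom DH parameter files configured"
rm -rf "$dir"
```

Each reported line is a setting to remove, or to point at an RFC 7919 group, before the service is restarted under the Focal FIPS OpenSSL.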
For simplicity, the RFC 7919 8192-bit DH Parameter (in PEM format for use with OpenSSL) is reproduced below. Please verify this file against known values from the RFC before using: