This bug is awaiting verification that the
linux-azure-fips/5.4.0-1135.142+fips1 kernel in -proposed solves the problem. Please
test the kernel and update this bug with the results. If the problem is
solved, change the tag 'verification-needed-focal-linux-azure-fips' to
'verification-done-focal-linux-azure-fips'. If the problem still exists,
change the tag 'verification-needed-focal-linux-azure-fips' to
'verification-failed-focal-linux-azure-fips'.


If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.


See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-focal-linux-azure-fips-v2 verification-needed-focal-linux-azure-fips

https://bugs.launchpad.net/bugs/2055825

Title:
  fips-updates: upgrade from 20.04 to 22.04 fails

Status in apt package in Ubuntu:
  Confirmed
Status in linux package in Ubuntu:
  Fix Committed
Status in apt source package in Focal:
  New
Status in linux source package in Focal:
  Fix Committed

Bug description:
  SRU Justification

  [Impact]
  Focal systems with fips-updates enabled cannot be upgraded to Jammy.  During
  the upgrade, there is a point where the userspace packages are upgraded to
  their Jammy version, but are run on a Focal FIPS kernel.  Specifically, the
  Jammy version of libgcrypt relies on the getrandom syscall with the
  GRND_RESEED flag set. This flag, however, is only implemented on the Jammy
  FIPS kernel. So, when the Jammy version of libgcrypt is run alongside a
  Focal FIPS kernel, a fatal error occurs.

  [Fix]
  Have getrandom not reject the GRND_RESEED flag. For Focal systems, this flag
  should only be used during the upgrade process from Focal to Jammy, as the
  Jammy userspace packages running on the Focal kernel will rely on it.

  [Test]
  Summary: In a FIPS enabled machine using the fips-updates channel, test the
  upgrade from Focal to Jammy.

  [Where things could go wrong]
  This touches the getrandom syscall, so we have many places where things could
  go wrong. However, we are just adding another possible flag for it, and not
  really adding/removing/altering any other functionality, so the regression
  potential is low.

  -------------------------------- Original Report -------------------------------
  Upgrade from 20.04 to 22.04 failed with "Fatal: unexpected error from
  getentropy: Invalid argument". We have fips-updates enabled thru Ubuntu Pro
  subscription. Tried to upgrade from 18.04 to 22.04. Upgrade from 18.04 to
  20.04 is successful but upgrade from 20.04 to 22.04 failed. Apt or
  do-release-upgrade commands are no longer working after the upgrade failed,
  so we have to restore the host to the Ubuntu 20.04 snapshots.

  # lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:    Ubuntu 20.04.6 LTS
  Release:        20.04
  Codename:       focal

  Upgrade log:
  Processing triggers for libc-bin (2.35-0ubuntu3.6) ...
  Errors were encountered while processing:
   systemd
   ntfs-3g
   dbus
   libpam-systemd:amd64
   systemd-sysv
   libnss-systemd:amd64
   friendly-recovery
   samba-common-bin
   samba
   update-notifier-common
  Fatal: unexpected error from getentropy: Invalid argument
  fatal error in libgcrypt, file ../../src/misc.c, line 146, function _gcry_logv: internal error (fatal or bug)
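
An added example (not code from the bug report, the kernel patch or libgcrypt): a small C probe for the failure described under [Impact], reporting whether the running kernel's getrandom syscall rejects a given flag with EINVAL ("Invalid argument"). The report does not give the numeric value of GRND_RESEED, so the flag is passed as an argument taken from the target kernel's headers; probe_getrandom_flag and PROBE_UNASSIGNED_BIT are names made up for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>

enum probe_result { FLAG_ACCEPTED = 0, FLAG_REJECTED = 1, PROBE_ERROR = 2 };

/* Constructed default: a bit that mainline Linux assigns to no getrandom
 * flag (mainline defines only 0x1, 0x2 and 0x4). It stands in for "a flag
 * this kernel does not implement"; it is NOT the value of GRND_RESEED. */
#define PROBE_UNASSIGNED_BIT 0x40000000u

/* Issue the raw syscall so no libc wrapper can filter or translate flags. */
enum probe_result probe_getrandom_flag(unsigned int flags)
{
    unsigned char buf[16];
    long n;

    errno = 0;
    n = syscall(SYS_getrandom, buf, sizeof buf, flags);
    if (n >= 0)
        return FLAG_ACCEPTED;  /* bytes returned: the kernel accepted the flags */
    if (errno == EINVAL)
        return FLAG_REJECTED;  /* the errno behind "Invalid argument" */
    return PROBE_ERROR;        /* EAGAIN, ENOSYS, EINTR, ...: inconclusive */
}

int main(int argc, char **argv)
{
    static const char *const text[] = {
        "accepted", "rejected with EINVAL", "inconclusive (other error)"
    };
    unsigned int flags = PROBE_UNASSIGNED_BIT;
    enum probe_result r;

    /* Usage: ./probe [flags], e.g. the GRND_RESEED value from the headers
     * of the kernel the upgraded userspace expects. */
    if (argc > 1)
        flags = (unsigned int)strtoul(argv[1], NULL, 0);

    r = probe_getrandom_flag(flags);
    printf("getrandom(flags=0x%x): %s\n", flags, text[r]);
    return (int)r;  /* non-zero exit: userspace relying on this flag would fail */
}
```

Run on the Focal FIPS kernel before starting the release upgrade, a "rejected" result for the flag libgcrypt uses means the upgraded userspace would hit the fatal error shown in the log above.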
