I'm updating the SRU template with livepatch bits, since livepatch is also included in this update.
** Summary changed: - [SRU][xenial] include recent version containing fips + [SRU][xenial] include recent version containing fips and livepatch ** Description changed: [IMPACT] - Most recent version of ubuntu-advantage-tool on github includes fips enablement. The fips enablement will allow customers to easily install and configure Canonical's FIPS certified modules on xenial + Most recent version of ubuntu-advantage-tool on github includes fips and livepatch enablement. The fips enablement will allow customers to easily install and configure Canonical's FIPS certified modules on xenial, whereas livepatch allows customers to patch the kernel without a reboot. + + This SRU will cover both new features. Note: FIPS certified modules are only available for xenial. On other releases the tool will not install and configure fips. when "ubuntu-advantage enable-fips <token>" is issued from commandline, - configure the private PPA where the FIPS modules are located - install the FIPS modules from this PPA to the local machine from where the script is run - configure the bootloader to enable fips Upon successful completion of these steps, the customer then gets a message stating to reboot the machine to complete the fips enablement process. Without the script, customers must perform the steps manually. [FIX] Add enable-fips to advantage script. See debdiff below. [TEST] A test package is available: and it was tested by me on S390, PPC64EL and AMD64 architectures. [REGRESSION POTENTIAL] The patch adds a new features to ubuntu-advantage-tool in Xenial to enable fips. Current functionality was not altered. [FIPS TESTCASES] - These testcases assume you have installed ubuntu-advantage-tools with the proposed changes. + These testcases assume you have installed ubuntu-advantage-tools with the proposed changes. XENIAL 1. Collect status before enabling fips - type on commandline, - ubuntu-advantage status + type on commandline, + ubuntu-advantage status expect, - livepatch: disabled + livepatch: disabled - esm: disabled (not available) + esm: disabled (not available) - fips: disabled + fips: disabled 2. Enable fips Note: This will require a token or credentials to fips Private PPA, in the form xxx:xxx - type on commandline, - sudo ubuntu-advantage enable-fips xxx:xxx + type on commandline, + sudo ubuntu-advantage enable-fips xxx:xxx expect, - [sudo] password for ubuntu: - Running apt-get update... OK - Ubuntu FIPS PPA repository enabled. - Installing FIPS packages (this may take a while)... OK - Configuring FIPS... - Updating grub to enable fips... OK - Successfully configured FIPS. PLEASE REBOOT to complete FIPS enablement. + [sudo] password for ubuntu: + Running apt-get update... OK + Ubuntu FIPS PPA repository enabled. + Installing FIPS packages (this may take a while)... OK + Configuring FIPS... + Updating grub to enable fips... OK + Successfully configured FIPS. PLEASE REBOOT to complete FIPS enablement. type on commandline, - sudo reboot + sudo reboot 3. Log back into system after reboot type on commandline, - ubuntu-advantage status + ubuntu-advantage status expect, - livepatch: disabled + livepatch: disabled - esm: disabled (not available) + esm: disabled (not available) - fips: enabled - + fips: enabled 4. verify fips kernel "4.4.0-1002-fips" has been installed type on commandline, - uname -a + uname -a expect, - Linux xenialguest 4.4.0-1002-fips #2-Ubuntu SMP Thu Apr 27 19:37:46 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux - + Linux xenialguest 4.4.0-1002-fips #2-Ubuntu SMP Thu Apr 27 19:37:46 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux ZESTY (Note that FIPS is not supported on zesty.) 1. Collect status before enabling fips type on commandline, - ubuntu-advantage status + ubuntu-advantage status expect, - livepatch: disabled (not available) + livepatch: disabled (not available) - esm: disabled (not available) + esm: disabled (not available) - fips: disabled (not available) + fips: disabled (not available) 2. Ensure that fips cannot be enabled on Zesty. Note: This will require a token or credentials to fips Private PPA, in the form xxx:xxx type on commandline, - sudo ubuntu-advantage enable-fips xxx:xxx + sudo ubuntu-advantage enable-fips xxx:xxx expect, - Sorry, but Canonical FIPS 140-2 Modules is not supported on zesty + Sorry, but Canonical FIPS 140-2 Modules is not supported on zesty 3. Check that kernel is not fips kernel (4.4.0-1002-fips) type on commandline, - uname -a + uname -a expect: - Linux ubuntu-zesty 4.10.0-19-generic #21-Ubuntu SMP Thu Apr 6 17:04:57 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux + Linux ubuntu-zesty 4.10.0-19-generic #21-Ubuntu SMP Thu Apr 6 17:04:57 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux ** Description changed: [IMPACT] Most recent version of ubuntu-advantage-tool on github includes fips and livepatch enablement. The fips enablement will allow customers to easily install and configure Canonical's FIPS certified modules on xenial, whereas livepatch allows customers to patch the kernel without a reboot. This SRU will cover both new features. - Note: FIPS certified modules are only available for xenial. On other - releases the tool will not install and configure fips. + Note: FIPS certified modules and livepatch are only available for + xenial. On other releases the tool will not install and configure fips + or livepatch. when "ubuntu-advantage enable-fips <token>" is issued from commandline, - configure the private PPA where the FIPS modules are located - install the FIPS modules from this PPA to the local machine from where the script is run - configure the bootloader to enable fips Upon successful completion of these steps, the customer then gets a message stating to reboot the machine to complete the fips enablement process. Without the script, customers must perform the steps manually. [FIX] Add enable-fips to advantage script. See debdiff below. [TEST] A test package is available: and it was tested by me on S390, PPC64EL and AMD64 architectures. [REGRESSION POTENTIAL] The patch adds a new features to ubuntu-advantage-tool in Xenial to enable fips. Current functionality was not altered. [FIPS TESTCASES] These testcases assume you have installed ubuntu-advantage-tools with the proposed changes. XENIAL 1. Collect status before enabling fips type on commandline, ubuntu-advantage status expect, livepatch: disabled esm: disabled (not available) fips: disabled 2. Enable fips Note: This will require a token or credentials to fips Private PPA, in the form xxx:xxx type on commandline, sudo ubuntu-advantage enable-fips xxx:xxx expect, [sudo] password for ubuntu: Running apt-get update... OK Ubuntu FIPS PPA repository enabled. Installing FIPS packages (this may take a while)... OK Configuring FIPS... Updating grub to enable fips... OK Successfully configured FIPS. PLEASE REBOOT to complete FIPS enablement. type on commandline, sudo reboot 3. Log back into system after reboot type on commandline, ubuntu-advantage status expect, livepatch: disabled esm: disabled (not available) fips: enabled 4. verify fips kernel "4.4.0-1002-fips" has been installed type on commandline, uname -a expect, Linux xenialguest 4.4.0-1002-fips #2-Ubuntu SMP Thu Apr 27 19:37:46 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux ZESTY (Note that FIPS is not supported on zesty.) 1. Collect status before enabling fips type on commandline, ubuntu-advantage status expect, livepatch: disabled (not available) esm: disabled (not available) fips: disabled (not available) 2. Ensure that fips cannot be enabled on Zesty. Note: This will require a token or credentials to fips Private PPA, in the form xxx:xxx type on commandline, sudo ubuntu-advantage enable-fips xxx:xxx expect, Sorry, but Canonical FIPS 140-2 Modules is not supported on zesty 3. Check that kernel is not fips kernel (4.4.0-1002-fips) type on commandline, uname -a expect: Linux ubuntu-zesty 4.10.0-19-generic #21-Ubuntu SMP Thu Apr 6 17:04:57 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux ** Description changed: [IMPACT] Most recent version of ubuntu-advantage-tool on github includes fips and livepatch enablement. The fips enablement will allow customers to easily install and configure Canonical's FIPS certified modules on xenial, whereas livepatch allows customers to patch the kernel without a reboot. This SRU will cover both new features. Note: FIPS certified modules and livepatch are only available for xenial. On other releases the tool will not install and configure fips or livepatch. + [FIPS DESCRIPTION] when "ubuntu-advantage enable-fips <token>" is issued from commandline, - configure the private PPA where the FIPS modules are located - install the FIPS modules from this PPA to the local machine from where the script is run - configure the bootloader to enable fips Upon successful completion of these steps, the customer then gets a message stating to reboot the machine to complete the fips enablement process. Without the script, customers must perform the steps manually. + [LIVEPATCH DESCRIPTION] + TBW + [FIX] Add enable-fips to advantage script. See debdiff below. [TEST] A test package is available: and it was tested by me on S390, PPC64EL and AMD64 architectures. [REGRESSION POTENTIAL] - The patch adds a new features to ubuntu-advantage-tool in Xenial to enable fips. Current functionality was not altered. + The patch adds a new features to ubuntu-advantage-tool in Xenial to enable fips and livepatch. Current functionality was not altered. [FIPS TESTCASES] These testcases assume you have installed ubuntu-advantage-tools with the proposed changes. XENIAL 1. Collect status before enabling fips type on commandline, ubuntu-advantage status expect, livepatch: disabled esm: disabled (not available) fips: disabled 2. Enable fips Note: This will require a token or credentials to fips Private PPA, in the form xxx:xxx type on commandline, sudo ubuntu-advantage enable-fips xxx:xxx expect, [sudo] password for ubuntu: Running apt-get update... OK Ubuntu FIPS PPA repository enabled. Installing FIPS packages (this may take a while)... OK Configuring FIPS... Updating grub to enable fips... OK Successfully configured FIPS. PLEASE REBOOT to complete FIPS enablement. type on commandline, sudo reboot 3. Log back into system after reboot type on commandline, ubuntu-advantage status expect, livepatch: disabled esm: disabled (not available) fips: enabled 4. verify fips kernel "4.4.0-1002-fips" has been installed type on commandline, uname -a expect, Linux xenialguest 4.4.0-1002-fips #2-Ubuntu SMP Thu Apr 27 19:37:46 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux ZESTY (Note that FIPS is not supported on zesty.) 1. Collect status before enabling fips type on commandline, ubuntu-advantage status expect, livepatch: disabled (not available) esm: disabled (not available) fips: disabled (not available) 2. Ensure that fips cannot be enabled on Zesty. Note: This will require a token or credentials to fips Private PPA, in the form xxx:xxx type on commandline, sudo ubuntu-advantage enable-fips xxx:xxx expect, Sorry, but Canonical FIPS 140-2 Modules is not supported on zesty 3. Check that kernel is not fips kernel (4.4.0-1002-fips) type on commandline, uname -a expect: Linux ubuntu-zesty 4.10.0-19-generic #21-Ubuntu SMP Thu Apr 6 17:04:57 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1719671 Title: [SRU][xenial] include recent version containing fips and livepatch To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1719671/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
