Ubuntu

Cannot enable FIPS on Ubuntu 18.04 Pro on AWS

Asked by Roscoe Cairney

Hi, I subscribed to the marketplace subscription of Ubuntu Pro 18.04. I get an error about a missing keyfile when trying to enable FIPS.

root@ip-10-142-18-16:/var/snap/amazon-ssm-agent/1566# ua status
SERVICE ENTITLED STATUS DESCRIPTION
cc-eal yes n/a Common Criteria EAL2 Provisioning Packages
cis-audit no — Center for Internet Security Audit Tools
esm-apps yes enabled UA Apps: Extended Security Maintenance
esm-infra yes enabled UA Infra: Extended Security Maintenance
fips yes disabled NIST-certified FIPS modules
fips-updates yes disabled Uncertified security updates to FIPS modules
livepatch yes enabled Canonical Livepatch service

Enable services with: ua enable <service>

                Account: XXXXXXXXXXXX
           Subscription: XXXXXXXXXXXX
            Valid until: n/a
Technical support level: essential

root@ip-10-142-18-16:/var/snap/amazon-ssm-agent/1566# ua enable fips
One moment, checking your subscription first
GPG key '/usr/share/keyrings/ubuntu-fips-keyring.gpg' not found

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
Roscoe Cairney
Solved:
Last query:
Last reply:
Revision history for this message
Manfred Hampl (m-hampl) said : 		#1

/usr/share/keyrings/ubuntu-fips-keyring.gpg is contained in the package ubuntu-advantage-tools

Does this file exist?
If not, then try re-installing that package.

Revision history for this message
Roscoe Cairney (roscoecairney) said : 		#2

Hi Manfred

I've got that package installed, but for some reason it doesn't include that keyring file.

I found this issue https://github.com/canonical/ubuntu-advantage-client/issues/1087 which is exactly what I'm experiencing.

I'm going to upvote that issue and close this ticket.

Thanks for the help
Roscoe