Ubuntu Pro 20.04 FIPS Mode Unable to Log In

Question

I have an Ubuntu Pro 20.04 FIPS Mode instance that I have been hardening, when I add a grub password the system won't boot.  It seems as if the grub password is being prompted for prior to the EC2 serial console being available.  If I use an instance that isn't FIPS enabled, everything works as designed, any help would be greatly appreciated.

Mike · Answer

I have learned more, it appears that the Ubuntu Pro images are created without UEFI and may be the cause of this issue.  I created a Pro and a non-Pro image and compared grub.cfg and the only stand out difference was UEFI.
#Non-Pro
```
### BEGIN /etc/grub.d/25_bli ###
if [ "$grub_platform" = "efi" ]; then
  insmod bli
fi
### END /etc/grub.d/25_bli ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/30_uefi-firmware ###
if [ "$grub_platform" = "efi" ]; then
	fwsetup --is-supported
	if [ "$?" = 0 ]; then
		menuentry 'UEFI Firmware Settings' $menuentry_id_option 'uefi-firmware' {
			fwsetup
		}
	fi
fi
```
#Pro

```
### BEGIN /etc/grub.d/30_uefi-firmware ###

### END /etc/grub.d/30_uefi-firmware ###
```

Behrens, Isaac · Answer

Take a look at this blog post about accessing Grub from the EC2 Serial Console.

https://aws.amazon.com/blogs/compute/using-ec2-serial-console-to-access-the-grub-menu-and-recover-from-boot-failures/

Hope this helps!

Ubuntu Pro 20.04 FIPS Mode Unable to Log In

답변 추가

관련 콘텐츠