Bug ID 1235085: Reinitialization of FIPS HSM in BIG-IP tenant.

Last Modified: Feb 23, 2024

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
17.1.0

Fixed In:
17.1.0.1

Opened: Feb 06, 2023

Severity: 3-Major

Symptoms

During reinitialization of FIPS HSM in BIG-IP tenant, the presence of existing keys is not validated.

Impact

When reinitialization is triggered, the existing keys are erased without a warning to the user.

Conditions

The FIPS HSM in the BIG-IP tenant is already initialized and keys have been created, and reinitialization is then triggered.

Workaround

Before reinitializing the FIPS HSM in the BIG-IP tenant, make sure the existing keys are deleted. Use the following TMSH command to view the current keys: "show sys crypto fips keys"

Fix Information

When reinitialization of the FIPS HSM in the BIG-IP tenant is triggered, the existing keys are validated and a message is displayed stating that the keys are available. Delete all the existing keys before reinitialization.

Behavior Change
