Bug ID 1711025: Added an option to prevent import of private keys into onboard FIPS HSM

Last Modified: Feb 28, 2025

Affected Product(s):
BIG-IP LTM (all modules)

Fixed In:
17.5.0, 17.1.2

Opened: Oct 29, 2024

Severity: 3-Major

Symptoms

By default, keys can be created or imported into the onboard FIPS HSM.

Impact

Private keys can be created and imported into the FIPS card.

Conditions

Create or import private keys into the onboard FIPS HSM.

Workaround

None

Fix Information

Added a fipsutil option, "-k ... Disable PEM key import during INIT.", that prevents the import of keys into the HSM. Pass this option to fipsutil when initializing the partition in the tenant. Once the partition has been initialized with this option, the key import restriction remains in effect until the partition is re-initialized; it cannot be changed while the partition is in use.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips