Bug ID 953845: After re-initializing the onboard FIPS HSM, BIG-IP may lose access after second MCPD restart

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP All (all modules)

Known Affected Versions:
16.0.1, 16.0.0.1, 16.0.0, 15.1.2.1, 15.1.2, 15.1.1

Fixed In:
16.1.0, 16.0.1.1, 15.1.3, 14.1.4, 13.1.4, 12.1.6

Opened: Oct 09, 2020

Severity: 3-Major

Symptoms

When re-initializing an onboard HSM on particular platforms, BIG-IP may disconnect from the HSM after a second restart of the MCPD daemon. This can occur when using administrative commands such as:
-- tmsh run util fips-util init
-- fipsutil init
-- tmsh run util fips-util loginreset -r
-- fipsutil loginreset -r

Impact

BIG-IP is unable to communicate with the onboard HSM.

Conditions

-- Using the following platforms:
  + i5820-DF / i7820-DF
  + 5250v-F / 7200v-F
  + 10200v-F
  + 10350v-F
  + vCMP guest on i5820-DF / i7820-DF
  + vCMP guest on 10350v-F

Workaround

The last step in using "fipsutil init" is to restart all system services ("tmsh restart sys service all") or reboot. Immediately before doing this:
-- open /config/bigip.conf in a text editor (e.g. vim or nano)
-- locate and delete the "sys fipsuser f5cu" configuration stanza, e.g.:

    sys fipsuser f5cu {
        password $M$Et$b3R0ZXJzCg==
    }
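One way to script the stanza removal from the workaround above (an added example, not F5 tooling and not part of the original article): it writes a filtered copy for review instead of editing /config/bigip.conf in place. The function names, the sample node and pool stanzas, and the assumption that the stanza header starts in column 1 with balanced braces are assumptions of this example.

```shell
# Added example, not F5 tooling: writes a filtered COPY of the config so the
# removal can be reviewed before the copy replaces /config/bigip.conf.
# Assumption: the stanza header starts in column 1 and its braces balance.
strip_fipsuser_stanza() {   # $1 = source config, $2 = filtered output
    awk '
        # Net change in brace depth contributed by one line.
        function delta(s,   t, o, c) {
            t = s; o = gsub(/[{]/, "", t)
            t = s; c = gsub(/[}]/, "", t)
            return o - c
        }
        !skip && /^sys fipsuser f5cu[ \t]*[{]/ {
            removed++
            depth = delta($0)
            skip = (depth > 0)   # stays 0 when the stanza sits on one line
            next
        }
        skip { depth += delta($0); if (depth <= 0) skip = 0; next }
        { print }
        # Fail unless exactly one stanza was removed.
        END { exit (removed == 1 ? 0 : 3) }
    ' "$1" > "$2"
}

# Constructed sample config; only the fipsuser stanza comes from this page.
write_sample_conf() {
    cat > "$1" <<'EOF'
ltm node example_node {
    address 192.0.2.10
}
sys fipsuser f5cu {
    password $M$Et$b3R0ZXJzCg==
}
ltm pool example_pool { members { 192.0.2.10:80 { address 192.0.2.10 } } }
EOF
}

demo() {
    dir=$(mktemp -d)
    write_sample_conf "$dir/bigip.conf"
    if strip_fipsuser_stanza "$dir/bigip.conf" "$dir/bigip.conf.new"; then
        diff "$dir/bigip.conf" "$dir/bigip.conf.new" || true   # shows the removed lines
    else
        echo "stanza not found exactly once; leave the file alone" >&2
    fi
    rm -rf "$dir"
}
demo
```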

Fix Information

Fixed an issue with re-initializing the onboard FIPS HSM.

Behavior Change
