Understanding FIPS Error States and System Panic
An NFX250 device running Junos OS in FIPS mode has certain operational restrictions: for example, it can load only integrity-checked software files and use only FIPS-approved cryptographic algorithms. To ensure correct operation, the NFX250 device performs a series of FIPS self-tests.
The NFX250 device performs additional tests as needed—for example, to ensure that randomly generated numbers are truly random and to verify manually entered keys (passwords).
If it fails a test, the NFX250 device enters a FIPS error state known as system panic.
When a low-level cryptographic function cannot complete for lack of memory or another resource, a memory allocation error occurs. This error does not result in system panic.
FIPS errors that occur early in the boot cycle can prevent the system from successfully starting up. For this reason, keep alternate boot media up to date.
FIPS System Panic
If an NFX250 device fails a FIPS self-test, the NFX250 device enters a FIPS error state known as system panic. The panic condition halts all cryptographic processing and stops all data output from the NFX250 device. To clear the FIPS error, the NFX250 device reboots, runs the FIPS self-tests, and, if it passes all the tests, returns to normal operation.
If the NFX250 device fails a self-test during a reboot from panic mode, the system stops booting and attempts to reboot. If the reboot is unsuccessful, the NFX250 device attempts again to reboot, this time from available boot media.
During a system panic, only status messages are displayed on the console. For example, a FIPS error is logged as follows:
panic: pid 5090 (fips-error), uid 0, FIPS error 5: cannot verify certificate PackageCA
The reboot after panic displays the following error message on the console:
savecore: reboot after panic: pid 5090 (fips-error), uid 0, FIPS error 5: cannot verify certificate PackageCA
Note: These errors have only an extremely small chance of occurring.
The following error states create a system panic:
The NFX250 device failed a known answer test (KAT).
The random number is not random.
Signature generation failed.
Signature verification failed.
Certificate verification failed.
Encryption or decryption failed.
An environment error occurred.
An error occurred in a pair-wise conditional test.
Memory Allocation Error
A FIPS memory allocation error occurs when a low-level cryptographic function cannot finish processing for lack of memory or of another resource. This error causes the affected process to be terminated, but does not result in system panic.
FIPS memory failures are logged as follows:
Apr 15 23:08:15 shmoo /kernel: pid 6374 (fips-error), uid 0, FIPS error 9: RSA verify memory allocation failed
Terminating the process clears the error so that the process can be run again.
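The console and syslog lines shown above share one message tail, so a log pipeline can separate panic events from the non-panic memory allocation failure by the text in front of that tail. The following Python is an added example, not Juniper code; the names classify and triage, and the rule that a line without a "panic:" prefix is a terminated process rather than a panic, are assumptions drawn from the sample lines on this page.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Shared tail of the message formats shown on this page, e.g.
#   "pid 5090 (fips-error), uid 0, FIPS error 5: cannot verify certificate PackageCA"
FIPS_RE = re.compile(
    r"(?P<prefix>.*?)\bpid (?P<pid>\d+) \(fips-error\), uid (?P<uid>\d+), "
    r"FIPS error (?P<code>\d+): (?P<detail>.+)$"
)

class FipsEvent(NamedTuple):
    kind: str    # "panic", "reboot-after-panic" or "process-terminated"
    pid: int
    code: int
    detail: str

def classify(line: str) -> Optional[FipsEvent]:
    """Parse one log line; return None if it is not a fips-error message."""
    m = FIPS_RE.search(line.strip())
    if m is None:
        return None
    prefix = m.group("prefix")
    # Assumption: severity is read from the prefix, because the page gives
    # no table that maps FIPS error numbers to panic or non-panic states.
    if "reboot after panic:" in prefix:
        kind = "reboot-after-panic"
    elif "panic:" in prefix:
        kind = "panic"
    else:
        kind = "process-terminated"
    return FipsEvent(kind, int(m.group("pid")), int(m.group("code")), m.group("detail"))

def triage(lines: List[str]) -> Tuple[List[FipsEvent], List[FipsEvent]]:
    """Return (all FIPS events, the subset that indicates a system panic)."""
    events = [e for e in map(classify, lines) if e is not None]
    panics = [e for e in events if e.kind != "process-terminated"]
    return events, panics

# The first three lines are the samples from this page; the last is constructed.
SAMPLE = [
    "panic: pid 5090 (fips-error), uid 0, FIPS error 5: cannot verify certificate PackageCA",
    "savecore: reboot after panic: pid 5090 (fips-error), uid 0, FIPS error 5: cannot verify certificate PackageCA",
    "Apr 15 23:08:15 shmoo /kernel: pid 6374 (fips-error), uid 0, FIPS error 9: RSA verify memory allocation failed",
    "Apr 15 23:08:16 shmoo mgd[7001]: constructed unrelated line",
]

if __name__ == "__main__":
    for event in triage(SAMPLE)[0]:
        print(event)
```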
Error Recovery from Alternate Boot Media
An NFX250 Network Services Platform running Junos OS in FIPS mode performs KAT self-tests at startup. If the NFX250 device fails a KAT, the boot process stops and the NFX250 device attempts to reboot. If the reboot is unsuccessful, the NFX250 device attempts again to reboot, this time from available boot media.
To recover the device in this scenario, the Crypto Officer must remove the tamper-evident seal from the USB port and insert the removable boot media so that the system can boot normally and install Junos OS.
However, if the seal is broken, the NFX250 device is no longer a FIPS cryptographic module. You, as Crypto Officer, must zeroize, reinstall, and reconfigure Junos OS and enable FIPS mode.