OPERATIONAL DEFECT DATABASE
...
...
After reboot of the F5OS-A rSeries system in any operations (for example, live upgrade, reboot), FIPS HSM card might not become operational, and tenants that were running earlier might not come into a running state. This is due to the handshake failure between the liquid security driver and the HSM card. The driver gets stuck in SAFE_STATE instead of coming into SECURE_OPERATIONAL_STATE. The driver state can be checked with the below command on the host system. [root@appliance-1 ~]# cat /proc/cavium_n3fips/driver_state HSM 0:SECURE_OPERATIONAL_STATE [root@appliance-1 ~]#
FIPS HSM is not operational in the system, which results in FIPS tenants deployed on the F5OS rSeries host do not work as expected. They do not change to a RUNNING state.
The issue might occur in a live software upgrade or any situation that involves a reboot of the rSeries FIPS system with F5OS-A. The below logs will be observed in dmesg repeatedly for every retry of the hand shake between driver and HSM card. [ 964.113688] liquidsec_pf_vf_driver 0000:ca:00.0: We might have a link issue... resetting [ 964.113688] liquidsec_pf_vf_driver 0000:ca:00.0: RESETTING FIRMWARE... CAUTION
As the driver is stuck in "HSM 0:SAFE_STATE", a power reboot will resolve the issue. Below are the steps to follow: 1. Power off 2. Wait for 5 minutes 3. Power on
None
Click on a version to see all relevant bugs
F5 Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
