Canonical has certified cryptographic packages in Ubuntu Base OS at Level 1 for Ubuntu 16.04, 18.04, and 20.04.
| Release | Architecture | Platform | Validated packages |
|---|---|---|---|
| 20.04 | amd64 | Supermicro SYS-1019P-WTR | GA Kernel Crypto API, OpenSSL, Strongswan, (OpenSSH now uses OpenSSL for cryptography) |
| 18.04 | amd64, s390x | Supermicro SYS-5018R-WR, IBM z/VM running on IBM z/14 | GA Kernel Crypto API, OpenSSL, OpenSSH Client, OpenSSH Server, Strongswan |
| 16.04 | amd64, ppc64el, s390x | IBM Power System S822L (PowerNV 8247-22L), IBM Power System S822LC (PowerNV 8001-22C), IBM Power System S822LC (PowerNV 8335-GTB), Supermicro SYS-5018R-WR, IBM z13 (running on LPAR) | GA Kernel Crypto API, OpenSSL, OpenSSH Client, OpenSSH Server, Strongswan |
Recertifications
Each FIPS certification is valid for 5 years, however each Ubuntu release is being updated periodically to bring the latest bug fixes and security updates. Each Ubuntu LTS release is recertified periodically, when feasible, closely aligned with the point releases during the standard support phase.
During the Extended Security Maintenance (ESM) phase, the validated packages are updated via the fips-updates stream.