It appears that FreeSurfer is not compatible with systems for which FIPS level security is mandated. In our case, I am told this is part of our data use agreement with the VA.
We tried to run it, and I get the following stack trace showing what appears to be license validation using the crypt() function, which is blacklisted by the Linux kernel by the FIPS configuration.
28063 open("/opt/apps/freesurfer-6.0/freesurfer/license.txt", O_RDONLY) = 3 28063 fstat(3, {st_mode=S_IFREG|0644, st_size=59, ...}) = 0 28063 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fa319883000 28063 read(3, "issc-sysadmin@umich.edu\n23098\n*C"..., 4096) = 59 28063 read(3, "", 4096) = 0 28063 open("/proc/sys/crypto/fips_enabled", O_RDONLY) = 4 28063 read(4, "1\n", 31) = 2 28063 close(4) = 0 28063 write(1, "ERROR: crypt() returned null wit"..., 46) = 46 28063 exit_group(1)
Is there a workaround so we can run FreeSurfer FIPS-enabled systems?
Appreciate your consideration of this question,
-- bennet
On Thu, Mar 29, 2018 at 5:05 PM, Bennet Fauber bennet@umich.edu wrote:
I have a couple of users here who are reporting that on machines with FIPS enabled, which in turn disables certain cryptographic functions, FreeSurfer core dumps with a call to the crypt() function, which FIPS disables.
Someone speculated based on output from strace that this is FreeSurfer possibly attempting to validate its license.
Is this a known problem? Is there a solution?
We have a university compliance office and possibly similar people from our local VA who are insisting that FIPS be enabled.
If you need more information, please let me know and I will try to obtain it for you.
Thanks, -- bennet