As a requirement for our machines that will be deployed in secure areas, all SLES 12 hosts must boot with FIPS enabled. We have successfully done so for BIOS- and UEFI-booted machines.
However, we’ve noticed a significant difference in load times of GDM (the graphical desktop environment) when FIPS is or is not enabled. We’ve tested this on a build server (Xeon 10-core/20-thread CPU with 32 GB RAM and iSCSI boot on a RAID 6 NAS), toggling FIPS by removing the boot option at the GRUB menu.
Without FIPS, a user who has logged in successfully will see their desktop after 4 seconds.
With FIPS, a user who has logged in successfully will see their desktop after 2 minutes.
This difference is not acceptable as it slows down workflow. Application load times are consistent with or without FIPS enabled.
I’ve been assigned to troubleshoot this. I cannot see anything immediately from the logs that would indicate a fault (missing packages, kernel issues, driver problems, etc.). I will research how to increase verbosity for GNOME/GDM logs and will compare differences.
Any suggestions on what could be slowing down due to FIPS?