FIPS enabled Kairos flavors

[mudler]

We want to enable and document the building of FIPS enabled Kairos flavors.

For this we need to:

• Build all our binaries with golang flags that enable FIPS.
• Document how to build a flavor with those packages.

aside the current ones which are statically built, needed for #116, we need the same binaries that we add to the rootfs built with fips to support BYOI:

• Ubuntu 20.04
• Ubuntu 22.04 (is not available yet)
• RH

Aside : we pack as a static binary, even if CGO_ENABLED=1 ?

Depends on #1498

[Itxaka]

Couple of things.

• we now got fips packages for our golang stuff that its included in the system (kcrypt,kcrypt-challenger, immucore, kairos-agent)
• only ubuntu 20.04 and lower is supported for fips
• you need a ubuntu pro subscription to enable fips
• you need to activate the pro subcription and run the enable-fips which will install packages, including kernel.
• AFAIK if you are in container mode, it will refuse to install the kernel.

So a bit problematic IMHO, pro subscription has to be done on runtime so we can enable fips and bundle the packages in the rootfs. But that would make us miss the fips kernel?

[jimmykarily]

Let's do our part:

• Provide fips enabled binaries for kairos-agent et al (?)
• Enable this in "factory" (make sure it's possible to build)
• Document how people can build fips enabled ubuntu flavors
• Done

[jimmykarily]

We need to try the same things with RHEL. Same plan as above. We try that and we document it.

[Itxaka]

Packages are all built now under the fips category

[jimmykarily]

Created PR to build a fips framework image so that users can build their own flavor following our docs: #1544

Docs: https://kairos.io/docs/reference/build-from-scratch/

[jimmykarily]

Framework image is there, docs are there. Done.

[jimmykarily]

Let's add a "fips" specific section in the docs page. Re-opening.

[mauromorales]

Closing since documentation has been added