diff --git a/src/sbattach.c b/src/sbattach.c
index a363d83..012a422 100644
--- a/src/sbattach.c
+++ b/src/sbattach.c
@@ -218,6 +218,11 @@ int main(int argc, char **argv)
 
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_digests();
+	/* here we may get highly unlikely failures or we'll get a
+	 * complaint about FIPS signatures (usually becuase the FIPS
+	 * module isn't present).  In either case ignore the errors
+	 * (malloc will cause other failures out lower down */
+	ERR_clear_error();
 
 	image = image_load(image_filename);
 	if (!image) {
diff --git a/src/sbkeysync.c b/src/sbkeysync.c
index a63d3b8..46235d2 100644
--- a/src/sbkeysync.c
+++ b/src/sbkeysync.c
@@ -932,6 +932,11 @@ int main(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_digests();
 	OpenSSL_add_all_ciphers();
+	/* here we may get highly unlikely failures or we'll get a
+	 * complaint about FIPS signatures (usually becuase the FIPS
+	 * module isn't present).  In either case ignore the errors
+	 * (malloc will cause other failures out lower down */
+	ERR_clear_error();
 
 	ctx->filesystem_keys = init_keyset(ctx);
 	ctx->firmware_keys = init_keyset(ctx);
diff --git a/src/sbsign.c b/src/sbsign.c
index dcf6eed..58c6894 100644
--- a/src/sbsign.c
+++ b/src/sbsign.c
@@ -183,7 +183,11 @@ int main(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_digests();
 	OpenSSL_add_all_ciphers();
-
+	/* here we may get highly unlikely failures or we'll get a
+	 * complaint about FIPS signatures (usually becuase the FIPS
+	 * module isn't present).  In either case ignore the errors
+	 * (malloc will cause other failures out lower down */
+	ERR_clear_error();
 	EVP_PKEY *pkey = fileio_read_pkey(keyfilename);
 	if (!pkey)
 		return EXIT_FAILURE;
diff --git a/src/sbvarsign.c b/src/sbvarsign.c
index d0cf2ed..fbfe81a 100644
--- a/src/sbvarsign.c
+++ b/src/sbvarsign.c
@@ -506,6 +506,11 @@ int main(int argc, char **argv)
 	OpenSSL_add_all_digests();
 	OpenSSL_add_all_ciphers();
 	ERR_load_crypto_strings();
+	/* here we may get highly unlikely failures or we'll get a
+	 * complaint about FIPS signatures (usually becuase the FIPS
+	 * module isn't present).  In either case ignore the errors
+	 * (malloc will cause other failures out lower down */
+	ERR_clear_error();
 
 	/* set up the variable signing context */
 	varname = argv[optind];
diff --git a/src/sbverify.c b/src/sbverify.c
index fb03d21..2e3a75b 100644
--- a/src/sbverify.c
+++ b/src/sbverify.c
@@ -233,10 +233,15 @@ int main(int argc, char **argv)
 
 	OpenSSL_add_all_digests();
 	ERR_load_crypto_strings();
+	/* here we may get highly unlikely failures or we'll get a
+	 * complaint about FIPS signatures (usually becuase the FIPS
+	 * module isn't present).  In either case ignore the errors
+	 * (malloc will cause other failures out lower down */
+	ERR_clear_error();
 
 	for (;;) {
 		int idx;
-		c = getopt_long(argc, argv, "c:d:nVh", options, &idx);
+		c = getopt_long(argc, argv, "c:d:nvVh", options, &idx);
 		if (c == -1)
 			break;