View Issue Details

IDProjectCategoryView StatusLast Update
0000155AlmaLinux-8-OTHERpublic2021-11-22 08:56
Reporternikk2000 Assigned To 
PrioritynormalSeverityblockReproducibilityalways
Status newResolutionopen 
Platformx86_64OSAlmaLinuxOS Version8.5
Summary0000155: Cannot boot after finished minimal installations with NIST 800-171 policy
DescriptionAfter finished installations, boot failed because modprobe is blocked.
Steps To Reproduce1) Minimal installations
2) Use LVM partitions
3) Use NIST 800-171 security policy
Tagsboot
abrt_hash
URL

Activities

nikk2000

2021-11-19 06:54

reporter  

Screenshot_20211119_141112.png (32,186 bytes)   
Screenshot_20211119_141112.png (32,186 bytes)   

nikk2000

2021-11-19 10:21

reporter   ~0000406

I have tried disable fapolicyd and SELinux (by mounting and editing config files), but still cannot boot.

nikk2000

2021-11-20 09:20

reporter   ~0000407

I guess boot got lockup because I don't have TPM module.

I have tested on machines with TPM module and found no issues.

nikk2000

2021-11-20 20:32

reporter   ~0000408

I've just found the problem, I need to remove `fips=1` from kernel option. Also I already have HMAC file in /boot/.

Perhaps, AMD Ryzen 2700 doesn't support FIPS? Because Intel Core i7-10750H boot just fine with `fips=1`.

Probably related to:
* https://almalinux.discourse.group/t/kernel-4-18-0-240-22-1-with-fips-1-will-not-boot/88

alukoshko

2021-11-22 08:38

developer   ~0000409

Hello. Thanks for report and investigation.
No, it's not related to issues with 4.18.0-240.22.1, that was broken kernel version and since then all kernel versions are checked to not repeat that problem.

Usually we ask to check on CentOS or RHEL to find out if this AlmaLinux specific or upstream problem.
If it's upstream one then the best option would be check on CentOS Stream to find out if the problem is fixed already.
If not, then you can open a bug to CentOS Stream bugzilla: https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%208&version=CentOS%20Stream

Of course it's up to you. But it would be great if you could check it because working with CentOS Stream bugs helps the whole EL community.

nikk2000

2021-11-22 08:56

reporter   ~0000410

You're welcome. Thank you for reply.

Noted, I'll try and check on CentOS Stream.

Issue History

Date Modified Username Field Change
2021-11-19 06:54 nikk2000 New Issue
2021-11-19 06:54 nikk2000 Tag Attached: boot
2021-11-19 06:54 nikk2000 File Added: Screenshot_20211119_141112.png
2021-11-19 10:21 nikk2000 Note Added: 0000406
2021-11-20 09:20 nikk2000 Note Added: 0000407
2021-11-20 20:32 nikk2000 Note Added: 0000408
2021-11-22 08:38 alukoshko Note Added: 0000409
2021-11-22 08:56 nikk2000 Note Added: 0000410