View Issue Details

IDProjectCategoryView StatusLast Update
0000062AlmaLinux-8kernelpublic2021-05-28 14:44
Reporternzone10 Assigned Toalukoshko  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionfixed 
Summary0000062: Cannot boot with fips-mode enabled with kernel kernel-4.18.0-240.22.1.el8_3.x86_64
DescriptionOn almalinux base install with kernel-4.18.0-240.22.1.el8_3.x86_64 and fips enabled fails to boot.

 .vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac is blank, tried to create file with rpm2cpio but was not successful.
Steps To ReproduceOn almalinux base install with kernel-4.18.0-240.el8.x86_64
run fips-mode-setup --enable
reboot
confirm able to reboot
dnf update
installed kernel kernel-4.18.0-240.22.1.el8_3.x86_64
ls -la in /boot and notice the .vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac file is blank.
So now if I reboot I will receive Fatal fips integrity test failed
reboot to original kernel-4.18.0-240.22.1.el8_3.x86_64
run fips-mode-setup --disable
reboot
select kernel kernel-4.18.0-240.22.1.el8_3.x86_64
system boots
TagsNo tags attached.
abrt_hash
URL

Activities

alukoshko

2021-04-15 13:59

administrator   ~0000150

Hello and thank you for report.
You're right and .vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac file wasn't created correctly during kernel build.
Sorry for that, we'll fix it in next minor kernel update and will add test to build system to check this file.
Thanks.

alukoshko

2021-04-15 14:06

administrator   ~0000152

You can fix it now with the following command:
sha512hmac /boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 > /boot/.vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac

alukoshko

2021-05-28 14:44

administrator   ~0000248

AlmaLinux 8.4 was released with kernel version 4.18.0-305 without .hmac issue.
Closing.

Issue History

Date Modified Username Field Change
2021-04-13 19:21 nzone10 New Issue
2021-04-15 13:48 alukoshko Assigned To => alukoshko
2021-04-15 13:48 alukoshko Status new => assigned
2021-04-15 13:59 alukoshko Note Added: 0000150
2021-04-15 14:06 alukoshko Note Added: 0000152
2021-05-28 14:44 alukoshko Note Added: 0000248
2021-05-28 14:44 alukoshko Status assigned => closed
2021-05-28 14:44 alukoshko Resolution open => fixed