Bug 1053655
| Summary: | dracut allows booting in fips mode when vmlinuz has incorrect hmac | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Pavel Holica <pholica> | ||||
| Component: | dracut | Assignee: | dracut-maint | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Release Test Team <release-test-team-automation> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 7.0 | CC: | harald, lkardos | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2014-06-13 11:34:23 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 782468 | ||||||
| Attachments: |
|
||||||
Verified on dracut-033-85 (RHEL-7.0-20140127.0). This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |
Created attachment 850558 [details] console Description of problem: I've installed system in fips mode and after installed system booted, I've removed first byte in hmac file for vmlinuz in /boot. After reboot, dracut drops to dracut shell stating "Warning: dracut: Refusing to continue". I've pressed ctrl-d, dracut again drops to shell, pressed ctrl-d and then boot continued into system. Version-Release number of selected component (if applicable): dracut-033-68.el7 RHEL-7.0-20140110.0 x86_64 Client How reproducible: always Steps to Reproduce: 1. Install system with fips enabled 2. In installed system, remove first byte from file /boot/.vmlinuz-3.10.0-67.el7.x86_64.hmac 3. reboot 4. once dropped in dracut shell, press ctrl-d 5. once dropped in dracut shell, press ctrl-d Actual results: System boots (although some strange issues happen, e.g. /boot is not mounted) Expected results: One shouldn't be dropped to dracut shell and system doesn't boot. Additional info: