Bug 2231849

Summary: aarch64 system boots into emergency mode when secure_mode_insmod is on
Product: Red Hat Enterprise Linux 9
Component: scap-security-guide
Version: 9.3
Hardware: aarch64
OS: Unspecified
Status: NEW
Severity: high
Priority: unspecified
Type: Bug
Target Milestone: rc
Keywords: MigratedToJIRA, Triaged
Reporter: Matus Marhefka <mmarhefk>
Assignee: Watson Yuuma Sato <wsato>
QA Contact: BaseOS QE Security Team <qe-baseos-security>
CC: ggasparb, matyc, mhaicman, mlysonek, openscap-maint, vpolasek
Clone Of:
: 2231856
Bug Depends On:
Bug Blocks: 2231856

Description Matus Marhefka 2023-08-14 12:48:46 UTC
Description of problem:
Remediating an aarch64 system using the anssi_bp28_high profile causes it to boot into emergency mode.


Version-Release number of selected component (if applicable):
scap-security-guide 0.1.69


How reproducible:
deterministic


Steps to Reproduce:
1. Remediate the installed system using the ANSSI profile:
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_anssi_bp28_high --progress --remediate /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
2. Reboot the system


Actual results:
System enters emergency mode after the reboot:

You are in emergency mode. After logging in, type "journalctl -xb" to view 
system logs, "systemctl reboot" to reboot, "systemctl default" or "exit" 
to boot into default mode. 
Give root password for maintenance


Expected results:
System reboots and it is possible to log in to the system.


Additional info:

Comment 1 RHEL Program Management 2023-08-17 11:41:40 UTC
Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.

Comment 2 Matěj Týč 2023-08-17 14:03:08 UTC
last comment