Bug 831598
Summary: | FATAL: Module aes-xts not found (FIPS integrity check failed) | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Ondrej Moriš <omoris> | ||||||||||
Component: | dracut | Assignee: | dracut-maint | ||||||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Release Test Team <release-test-team-automation> | ||||||||||
Severity: | high | Docs Contact: | |||||||||||
Priority: | unspecified | ||||||||||||
Version: | 7.0 | CC: | harald, jstodola, pvrabec, pwouters | ||||||||||
Target Milestone: | beta | ||||||||||||
Target Release: | 7.0 | ||||||||||||
Hardware: | Unspecified | ||||||||||||
OS: | Unspecified | ||||||||||||
Whiteboard: | |||||||||||||
Fixed In Version: | dracut-018-65.git20120612.fc17 | Doc Type: | Bug Fix | ||||||||||
Doc Text: | Story Points: | --- | |||||||||||
Clone Of: | Environment: | ||||||||||||
Last Closed: | 2014-06-13 11:57:55 UTC | Type: | Bug | ||||||||||
Regression: | --- | Mount Type: | --- | ||||||||||
Documentation: | --- | CRM: | |||||||||||
Verified Versions: | Category: | --- | |||||||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||||||
Embargoed: | |||||||||||||
Bug Depends On: | |||||||||||||
Bug Blocks: | 717789 | ||||||||||||
Attachments: |
|
Description
Ondrej Moriš
2012-06-13 12:01:32 UTC
Created attachment 591456 [details]
/run/initramfs/init.log
Created attachment 591457 [details]
dracut -f --debug
Hm, I still see it: dracut-018-65.git20120612.el7.noarch ... //sbin/fips.sh@71(do_fips): '[' aes-xts '!=' tcrypt ']' //sbin/fips.sh@72(do_fips): modprobe aes-xts FATAL: Module aes-xts not found. //sbin/fips.sh@72(do_fips): return 1 ///lib/dracut/hooks/pre-trigger/01fips-boot.sh@10(source): warn 'FIPS integrity test failed' //lib/dracut-lib.sh@310(warn): check_quiet ... (In reply to comment #4) > Hm, I still see it: > > dracut-018-65.git20120612.el7.noarch > > ... > //sbin/fips.sh@71(do_fips): '[' aes-xts '!=' tcrypt ']' > //sbin/fips.sh@72(do_fips): modprobe aes-xts > FATAL: Module aes-xts not found. > //sbin/fips.sh@72(do_fips): return 1 > ///lib/dracut/hooks/pre-trigger/01fips-boot.sh@10(source): warn 'FIPS > integrity test failed' > //lib/dracut-lib.sh@310(warn): check_quiet > ... are you sure, that you regenerated the initramfs after updating? Created attachment 594801 [details]
Fix xts module name
Harald, I think this is just bug in dracut, there was never aes-xts module.
It should be xts (like in RHEL6).
See attached patch - I think it should be fixed upstream.
Created attachment 595281 [details]
Fix module names
In F18/rawhide is also sha256 module compiled in, so modprobe fails - use aes256_generic which works always.
Can the attached patch be committed upstream and for rawhide/F17 dracut please? dracut-020-96.git20120717.fc17 but there haven't been any builds of dracut in a while, so it is still on dracut 0.18 in Fedora.... Is there any reason why this isn't being built in rawhide/f17? (In reply to comment #9) > dracut-020-96.git20120717.fc17 but there haven't been any builds of dracut > in a while, so it is still on dracut 0.18 in Fedora.... > > Is there any reason why this isn't being built in rawhide/f17? huh? dracut-020-96.git20120717.fc17? Where is this? Built dracut-020-96.git20120717.fc18 to rawhide http://koji.fedoraproject.org/koji/buildinfo?buildID=330901 but not F17! will backport some fixes to F17 today. fixed with dracut-024-25.git20130205.el7 Retested with dracut-029-1.el7, system booted successfully in fips mode, no errors reported. Moving to VERIFIED. This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |