Bug 878092

Summary: Booting with fips=1 leads to kernel panic
Product: [Fedora] Fedora Reporter: Hans de Goede <hdegoede>
Component: kernelAssignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 18CC: gansalmon, itamar, jonathan, kernel-maint, madhu.chinakonda
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-11-19 19:22:21 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hans de Goede 2012-11-19 16:20:50 UTC 
Hi,

Booting with kernel-3.6.6-9.fc18.x86_64 with fips=1 on the cmdline leads to a kernel panic:
"module verification failed, error: -126", and yes I've all the pre-requisites for this running fips in place, note that the exact same system boots fine with fips=1 with kernel "kernel-3.6.7-1.fc17.x86_64"

Note that googling the error gives:
http://lkml.indiana.edu/hypermail/linux/kernel/1205.2/03937.html
Which may be part of the F-18 only patches for secure efi

So it could simply be that F-17 kernels have the same issue, but are just not panicking on it ...

Regards,

Hans
Comment 1 Josh Boyer 2012-11-19 19:22:21 UTC 
This is probably because dracut is stripping off the module signatures.  I'm going to duplicate this to bug 873796 for now.  If you still see this after dracut is fixed then we can reopen.

*** This bug has been marked as a duplicate of bug 873796 ***