Created attachment 1242401 [details] screenshot of system halted Description of problem: Install RHVH 4.0 old build with "fips=1" on cmdline, fips is enabled after reboot the system. Then upgrade RHVH4.0 to RHVH4.1, system halted when booting RHVH4.1. Please refer to attachment for halt information. Version-Release number of selected component (if applicable): 1. Before upgrade: redhat-virtualization-host-4.0-0.20161116.1 imgbased-0.8.10-0.1.el7ev.noarch kernel-3.10.0-514.el7.x86_64 2. After upgrade: redhat-virtualization-host-4.1-0.20170116.0 imgbased-0.9.4-0.1.el7ev.noarch kernel-3.10.0-514.2.2.el7.x86_64 How reproducible: Tested on two different machines, both can reproduce. Steps to Reproduce: 1. Install redhat-virtualization-host-4.0-0.20161116.1, add "fips=1" to command line during installation 2. Reboot and login RHVH4.0, check fips is enabled: # cat /proc/sys/crypto/fips_enabled # sysctl crypto.fips_enabled 3. Setup local repos and upgrade to redhat-virtualization-host-4.1-0.20170116.0: # yum update 4. Reboot and enter to new build RHVH-4.1-20170116.0 Actual results: 1. In step4, system halted, boot failed. Please refer to attachment for halt information. Expected results: 2. In step4, should boot to new build successful and check fips is enabled. Additional info: As system halt, can not obtain logs.
Test version: 1. Before upgrade: redhat-virtualization-host-4.0-0.20161116.1 imgbased-0.8.10-0.1.el7ev.noarch kernel-3.10.0-514.el7.x86_64 2. After upgrade: redhat-virtualization-host-4.1-0.20170120.0 imgbased-0.9.6-0.1.el7ev.noarch kernel-3.10.0-514.6.1.el7.x86_64 Test steps: 1. Install redhat-virtualization-host-4.0-0.20161116.1, add "fips=1" to command line during installation 2. Reboot and login RHVH4.0, check fips is enabled: # cat /proc/sys/crypto/fips_enabled # sysctl crypto.fips_enabled 3. Setup local repos and upgrade to redhat-virtualization-host-4.1-0.20170120.0: # yum update 4. Reboot and enter to new build RHVH-4.1-20170120.0 Test results: In step4, boot to new build successful and check fips is enabled. So this bug is fixed in imgbased-0.9.6-0.1.el7ev.noarch, change the status to VERIFIED.