Bug 1414664 - System halted when booting new build after upgrade if the old build enable fips
Summary: System halted when booting new build after upgrade if the old build enable fips
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-node
Classification: oVirt
Component: Installation & Update
Version: 4.1
Hardware: Unspecified
OS: Unspecified
unspecified
urgent
Target Milestone: ovirt-4.1.0-rc
: 4.1
Assignee: Ryan Barry
QA Contact: Huijuan Zhao
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-19 07:55 UTC by Huijuan Zhao
Modified: 2017-02-01 14:42 UTC (History)
13 users (show)

Fixed In Version: imgbased-0.9.6-0.1.el7ev
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-01 14:42:15 UTC
oVirt Team: Node
rule-engine: ovirt-4.1+
rule-engine: blocker+
cshao: testing_ack+

Attachments (Terms of Use)
screenshot of system halted (244.64 KB, image/png)
2017-01-19 07:55 UTC, Huijuan Zhao 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1415032 0 unspecified CLOSED dracut-fips does not check the path in BOOT_IMAGE for .hmac 2021-02-22 00:41:40 UTC
oVirt gerrit 70939 0 master MERGED osupdater: copy FIPS files into /boot 2017-01-20 20:07:33 UTC
oVirt gerrit 70941 0 ovirt-4.1 MERGED osupdater: copy FIPS files into /boot 2017-01-20 20:07:47 UTC

Internal Links: 1415032

Description Huijuan Zhao 2017-01-19 07:55:22 UTC 
Created attachment 1242401 [details]
screenshot of system halted

Description of problem:
Install RHVH 4.0 old build with "fips=1" on cmdline, fips is enabled after reboot the system. Then upgrade RHVH4.0 to RHVH4.1, system halted when booting RHVH4.1.
Please refer to attachment for halt information.


Version-Release number of selected component (if applicable):
1. Before upgrade:
redhat-virtualization-host-4.0-0.20161116.1
imgbased-0.8.10-0.1.el7ev.noarch
kernel-3.10.0-514.el7.x86_64
2. After upgrade:
redhat-virtualization-host-4.1-0.20170116.0
imgbased-0.9.4-0.1.el7ev.noarch
kernel-3.10.0-514.2.2.el7.x86_64


How reproducible:
Tested on two different machines, both can reproduce.


Steps to Reproduce:
1. Install redhat-virtualization-host-4.0-0.20161116.1, add "fips=1" to command line during installation
2. Reboot and login RHVH4.0, check fips is enabled:
   # cat /proc/sys/crypto/fips_enabled
   # sysctl crypto.fips_enabled   
3. Setup local repos and upgrade to redhat-virtualization-host-4.1-0.20170116.0:
   # yum update
4. Reboot and enter to new build RHVH-4.1-20170116.0

Actual results:
1. In step4, system halted, boot failed.
   Please refer to attachment for halt information.


Expected results:
2. In step4, should boot to new build successful and check fips is enabled.


Additional info:
As system halt, can not obtain logs.
Comment 1 Huijuan Zhao 2017-01-24 08:14:36 UTC 
Test version:
1. Before upgrade:
redhat-virtualization-host-4.0-0.20161116.1
imgbased-0.8.10-0.1.el7ev.noarch
kernel-3.10.0-514.el7.x86_64
2. After upgrade:
redhat-virtualization-host-4.1-0.20170120.0
imgbased-0.9.6-0.1.el7ev.noarch
kernel-3.10.0-514.6.1.el7.x86_64

Test steps:
1. Install redhat-virtualization-host-4.0-0.20161116.1, add "fips=1" to command line during installation
2. Reboot and login RHVH4.0, check fips is enabled:
   # cat /proc/sys/crypto/fips_enabled
   # sysctl crypto.fips_enabled   
3. Setup local repos and upgrade to redhat-virtualization-host-4.1-0.20170120.0:
   # yum update
4. Reboot and enter to new build RHVH-4.1-20170120.0

Test results:
In step4, boot to new build successful and check fips is enabled.

So this bug is fixed in imgbased-0.9.6-0.1.el7ev.noarch, change the status to VERIFIED.
Note You need to log in before you can comment on or make changes to this bug.