This is a follow-up to https://bugzilla.redhat.com/show_bug.cgi?id=1640192

In addition to setting `fips=1`, the host's boot partition needs to be explicitly stated in the kernel boot parameters (like: `boot=/dev/sda1`), otherwise the host does not start. At this moment the user needs to put that information manually.

This BZ is to track the effort of investigation of viability of detecting the boot partition automatically, and if possible, implementing it.
Verified with:
- ovirt-engine-4.4.0-0.33.master.el8ev.noarch
- vdsm-4.40.13-1.el8ev.x86_64
- Host with RHEL 8.2

Verification steps:
1. Move a non-FIPS active host into maintenance mode
2. Under 'Edit > Kernel' press the Reset button and select 'FIPS mode'
3. 'fips=1 boot=UUID=<boot_partition_UUID>' will be added to the 'Kernel command line'
4. Make sure the UUID is indeed the host's /boot partition UUID
5. Reinstall and restart the host

Result:
- The host is up and running as a FIPS host (verified by 'sysctl crypto.fips_enabled' and on the engine-UI)
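
The checks from steps 3 and 4 and the final `sysctl` check can be scripted on the host. The following is an added example, not part of the bug report and not oVirt or VDSM code; the function names, return codes and sample UUID are hypothetical, and it assumes /boot is its own mount point.

```shell
#!/bin/sh
# Added example: verify fips=1 and boot= against the host's real /boot.

# Print the value of KEY from a kernel command line string.
# If KEY appears more than once, the last occurrence is printed
# (an assumption of this example). Prints nothing if KEY is absent.
cmdline_param() {
    # $1 = kernel command line, $2 = key
    printf '%s\n' "$1" | tr -s ' ' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

# Return codes (hypothetical, for this example only):
#   0 = consistent          1 = fips=1 not on the command line
#   2 = boot= missing       3 = boot= does not point at /boot
#   4 = kernel reports FIPS mode disabled
check_fips_boot() {
    # $1 = kernel command line    $2 = UUID of the /boot filesystem
    # $3 = device node of /boot   $4 = value of crypto.fips_enabled
    [ "$(cmdline_param "$1" fips)" = "1" ] || return 1
    boot=$(cmdline_param "$1" boot)
    [ -n "$boot" ] || return 2
    case "$boot" in
        UUID=*) [ "${boot#UUID=}" = "$2" ] || return 3 ;;  # boot=UUID=<uuid>
        /dev/*) [ "$boot" = "$3" ] || return 3 ;;          # boot=/dev/sda1
        *)      return 3 ;;
    esac
    [ "$4" = "1" ] || return 4
    return 0
}

# Run against the live host only when asked to: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    rc=0
    check_fips_boot "$(cat /proc/cmdline)" \
        "$(findmnt -no UUID /boot)" "$(findmnt -no SOURCE /boot)" \
        "$(sysctl -n crypto.fips_enabled)" || rc=$?
    echo "check_fips_boot returned $rc"
fi
```
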
This bugzilla is included in oVirt 4.4.0 release, published on May 20th 2020. Since the problem described in this bug report should be resolved in oVirt 4.4.0 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.