Bug 2231849 - aarch64 system boots into emergency mode when secure_mode_insmod is on
Summary: aarch64 system boots into emergency mode when secure_mode_insmod is on
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: scap-security-guide
Version: 9.3
Hardware: aarch64
OS: Unspecified
unspecified
high
Target Milestone: rc
: ---
Assignee: Watson Yuuma Sato
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 2231856
TreeView+ depends on / blocked
 
Reported: 2023-08-14 12:48 UTC by Matus Marhefka
Modified: 2023-08-17 14:04 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2231856 (view as bug list)
Environment:
Last Closed:
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHEL-1422 0 None None None 2023-08-17 08:38:14 UTC
Red Hat Issue Tracker RHELPLAN-165736 0 None None None 2023-08-14 12:49:05 UTC

Description Matus Marhefka 2023-08-14 12:48:46 UTC 
Description of problem:
Remediating aarch64 system using anssi_bp28_high profile causes it to boot into emergency mode.


Version-Release number of selected component (if applicable):
scap-security-guide 0.1.69


How reproducible:
deterministic


Steps to Reproduce:
1. Remediate installed system using ANSSI profile:
oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_anssi_bp28_high --progress --remediate /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
2. Reboot the system


Actual results:
System enters emergency mode ater the reboot:

You are in emergency mode. After logging in, type "journalctl -xb" to view 
system logs, "systemctl reboot" to reboot, "systemctl default" or "exit" 
to boot into default mode. 
Give root password for maintenance


Expected results:
System reboots and it is possible to login into the system.


Additional info:
Comment 1 RHEL Program Management 2023-08-17 11:41:40 UTC 
Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.
Comment 2 Matěj Týč 2023-08-17 14:03:08 UTC 
last comment
Note You need to log in before you can comment on or make changes to this bug.