Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 681246

Summary: [fips] FATAL: Module aead not found
Product: Red Hat Enterprise Linux 6 Reporter: Alexander Todorov <atodorov>
Component: dracutAssignee: Harald Hoyer <harald>
Status: CLOSED DUPLICATE QA Contact: Release Test Team <release-test-team-automation>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.0CC: atodorov, borgan, iboverma, mbroz, mkhusid, pholica, pknirsch, sgrubb
Target Milestone: rcKeywords: TestBlocker
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 670925 Environment:
Last Closed: 2011-03-02 12:06:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 670159, 670925    

Description Alexander Todorov 2011-03-01 14:26:15 UTC 
While testing Bug #670925 I got an error that module aead was not found later on resulting in kernel panic and the system didn't boot.

+++ This bug was initially created as a clone of Bug #670925 +++

--- Additional comment from atodorov on 2011-03-01 16:21:58 EET ---

To test this:

On a @Base RHEL 6.1 install: 

1) Install dracut-fips
2) Re-create initramfs to include the .hmac files for cryptsetup
3) Boot with the new initramfs and 'boot=/dev/sda1 fips=1 rdbreak=pre-pivot rdshell rddebug'
4) Dracut will drop into a shell before switch_root and there execute comment #13:

(15,50,57) mbroz: then try echo "blah" | cryptsetup create -c aes-xts-plain64 -s 512 x /dev/sda1
(15,51,19) mbroz: it must create device /dev/mapper/x (check with dmsetup table)

--- Additional comment from atodorov on 2011-03-01 16:24:10 EET ---

With dracut-fips-004-41.el6 and the steps from comment #20 I got an error: 

dracut: Mounting /dev/vda1 as /boot
EXT4-fs (vda1): INFO: recovery required on readonly filesystem
EXT4-fs (vda1): write access will be enabled during recovery
EXT4-fs (vda1): recovery complete
EXT4-fs (vda1): mounted filesystem with ordered data mode
dracut: Checking integrity of kernel
/boot/vmlinuz-2.6.32-118.el6.x86_64: OK
dracut: Umounting /boot
dracut: Loading and integrity checking all crypto modules
FATAL: Module aead not found.
dracut: FATAL: FIPS integrity test failed
dracut: Refusing to continue
dracut: FATAL: FIPS integrity test failed
dracut: Refusing to continue


Signal caught!
dracut Warning: LVM vg_test1163/lv_root not found
Kernel panic - not syncing: Attempted to kill init!
Pid: 1, comm: init Not tainted 2.6.32-118.el6.x86_64 #1
Call Trace:
 [<ffffffff814d87b9>] ? panic+0x78/0x143
 [<ffffffff8106c212>] ? do_exit+0x842/0x850
 [<ffffffff8106c278>] ? do_group_exit+0x58/0xd0
 [<ffffffff8106c307>] ? sys_exit_group+0x17/0x20
 [<ffffffff8100b172>] ? system_call_fastpath+0x16/0x1b


Will report into a separate bug.
Comment 1 Alexander Todorov 2011-03-01 14:31:39 UTC 
#  modprobe --ignore-install --show-depends aead
FATAL: Module aead not found.
[root@melfina yum.repos.d]# uname -r
2.6.32-118.el6.x86_64
Comment 2 Alexander Todorov 2011-03-02 12:00:38 UTC 
With test package provided by Harald I got:

dracut: Mounting /dev/vda1 as /boot
EXT4-fs (vda1): mounted filesystem with ordered data mode
dracut: Checking integrity of kernel
dracut: Umounting /boot
dracut: Loading and integrity checking all crypto modules
alg: self-tests for aes-generic (aes) passed
alg: self-tests for aes-asm (aes) passed
alg: self-tests for ansi_cprng (stdrng) passed
alg: No test for fips(ansi_cprng) (fips_ansi_cprng)
alg: self-tests for des-generic (des) passed
alg: self-tests for des3_ede-generic (des3_ede) passed
alg: self-tests for sha224-generic (sha224) passed
alg: self-tests for sha256-generic (sha256) passed
alg: self-tests for sha384-generic (sha384) passed
alg: self-tests for sha512-generic (sha512) passed
alg: No test for cipher_null (cipher_null-generic)
alg: No test for ecb(cipher_null) (ecb-cipher_null)
alg: No test for digest_null (digest_null-generic)
alg: No test for compress_null (compress_null-generic)
dracut: Self testing crypto algorithms
alg: self-tests for sha1 (sha1) passed
alg: self-tests for ecb(des-generic) (ecb(des)) passed
alg: self-tests for ecb(des) (ecb(des)) passed
alg: self-tests for ecb(des3_ede-generic) (ecb(des3_ede)) passed
alg: self-tests for ecb(des3_ede) (ecb(des3_ede)) passed
alg: self-tests for cbc(des3_ede-generic) (cbc(des3_ede)) passed
alg: self-tests for cbc(des3_ede) (cbc(des3_ede)) passed
alg: self-tests for sha256 (sha256) passed
alg: self-tests for ecb(aes-asm) (ecb(aes)) passed
alg: self-tests for ecb(aes) (ecb(aes)) passed
alg: self-tests for cbc(aes-asm) (cbc(aes)) passed
alg: self-tests for cbc(aes) (cbc(aes)) passed
alg: self-tests for xts(aes-asm) (xts(aes)) passed
alg: self-tests for xts(aes) (xts(aes)) passed
alg: self-tests for ctr(aes-asm) (ctr(aes)) passed
alg: self-tests for ctr(aes) (ctr(aes)) passed
alg: self-tests for rfc3686(ctr(aes-asm)) (rfc3686(ctr(aes))) passed
alg: self-tests for rfc3686(ctr(aes)) (rfc3686(ctr(aes))) passed
alg: self-tests for sha384 (sha384) passed
alg: self-tests for sha512 (sha512) passed
alg: self-tests for crc32c (crc32c) passed
alg: self-tests for sha224 (sha224) passed
alg: self-tests for ccm_base(ctr(aes-asm),aes-asm) (ccm(aes)) passed
alg: self-tests for ccm(aes) (ccm(aes)) passed
alg: self-tests for rfc4309(ccm_base(ctr(aes-asm),aes-asm)) (rfc4309(ccm(aes))) passed
alg: self-tests for rfc4309(ccm(aes)) (rfc4309(ccm(aes))) passed
alg: self-tests for hmac(sha1-generic) (hmac(sha1)) passed
alg: self-tests for hmac(sha1) (hmac(sha1)) passed
alg: self-tests for hmac(sha256-generic) (hmac(sha256)) passed
alg: self-tests for hmac(sha256) (hmac(sha256)) passed
alg: self-tests for hmac(sha384-generic) (hmac(sha384)) passed
alg: self-tests for hmac(sha384) (hmac(sha384)) passed
alg: self-tests for hmac(sha512-generic) (hmac(sha512)) passed
alg: self-tests for hmac(sha512) (hmac(sha512)) passed
alg: self-tests for hmac(sha224-generic) (hmac(sha224)) passed
alg: self-tests for hmac(sha224) (hmac(sha224)) passed
alg: self-tests for ansi_cprng (ansi_cprng) passed
dracut: All initrd crypto checks done
dracut: Starting plymouth daemon


The fix is correct.
Comment 3 Harald Hoyer 2011-03-02 12:06:00 UTC 

*** This bug has been marked as a duplicate of bug 670925 ***