Hide Forgot
While testing Bug #670925 I got an error that module aead was not found later on resulting in kernel panic and the system didn't boot. +++ This bug was initially created as a clone of Bug #670925 +++ --- Additional comment from atodorov on 2011-03-01 16:21:58 EET --- To test this: On a @Base RHEL 6.1 install: 1) Install dracut-fips 2) Re-create initramfs to include the .hmac files for cryptsetup 3) Boot with the new initramfs and 'boot=/dev/sda1 fips=1 rdbreak=pre-pivot rdshell rddebug' 4) Dracut will drop into a shell before switch_root and there execute comment #13: (15,50,57) mbroz: then try echo "blah" | cryptsetup create -c aes-xts-plain64 -s 512 x /dev/sda1 (15,51,19) mbroz: it must create device /dev/mapper/x (check with dmsetup table) --- Additional comment from atodorov on 2011-03-01 16:24:10 EET --- With dracut-fips-004-41.el6 and the steps from comment #20 I got an error: dracut: Mounting /dev/vda1 as /boot EXT4-fs (vda1): INFO: recovery required on readonly filesystem EXT4-fs (vda1): write access will be enabled during recovery EXT4-fs (vda1): recovery complete EXT4-fs (vda1): mounted filesystem with ordered data mode dracut: Checking integrity of kernel /boot/vmlinuz-2.6.32-118.el6.x86_64: OK dracut: Umounting /boot dracut: Loading and integrity checking all crypto modules FATAL: Module aead not found. dracut: FATAL: FIPS integrity test failed dracut: Refusing to continue dracut: FATAL: FIPS integrity test failed dracut: Refusing to continue Signal caught! dracut Warning: LVM vg_test1163/lv_root not found Kernel panic - not syncing: Attempted to kill init! Pid: 1, comm: init Not tainted 2.6.32-118.el6.x86_64 #1 Call Trace: [<ffffffff814d87b9>] ? panic+0x78/0x143 [<ffffffff8106c212>] ? do_exit+0x842/0x850 [<ffffffff8106c278>] ? do_group_exit+0x58/0xd0 [<ffffffff8106c307>] ? sys_exit_group+0x17/0x20 [<ffffffff8100b172>] ? system_call_fastpath+0x16/0x1b Will report into a separate bug.
# modprobe --ignore-install --show-depends aead FATAL: Module aead not found. [root@melfina yum.repos.d]# uname -r 2.6.32-118.el6.x86_64
With test package provided by Harald I got: dracut: Mounting /dev/vda1 as /boot EXT4-fs (vda1): mounted filesystem with ordered data mode dracut: Checking integrity of kernel dracut: Umounting /boot dracut: Loading and integrity checking all crypto modules alg: self-tests for aes-generic (aes) passed alg: self-tests for aes-asm (aes) passed alg: self-tests for ansi_cprng (stdrng) passed alg: No test for fips(ansi_cprng) (fips_ansi_cprng) alg: self-tests for des-generic (des) passed alg: self-tests for des3_ede-generic (des3_ede) passed alg: self-tests for sha224-generic (sha224) passed alg: self-tests for sha256-generic (sha256) passed alg: self-tests for sha384-generic (sha384) passed alg: self-tests for sha512-generic (sha512) passed alg: No test for cipher_null (cipher_null-generic) alg: No test for ecb(cipher_null) (ecb-cipher_null) alg: No test for digest_null (digest_null-generic) alg: No test for compress_null (compress_null-generic) dracut: Self testing crypto algorithms alg: self-tests for sha1 (sha1) passed alg: self-tests for ecb(des-generic) (ecb(des)) passed alg: self-tests for ecb(des) (ecb(des)) passed alg: self-tests for ecb(des3_ede-generic) (ecb(des3_ede)) passed alg: self-tests for ecb(des3_ede) (ecb(des3_ede)) passed alg: self-tests for cbc(des3_ede-generic) (cbc(des3_ede)) passed alg: self-tests for cbc(des3_ede) (cbc(des3_ede)) passed alg: self-tests for sha256 (sha256) passed alg: self-tests for ecb(aes-asm) (ecb(aes)) passed alg: self-tests for ecb(aes) (ecb(aes)) passed alg: self-tests for cbc(aes-asm) (cbc(aes)) passed alg: self-tests for cbc(aes) (cbc(aes)) passed alg: self-tests for xts(aes-asm) (xts(aes)) passed alg: self-tests for xts(aes) (xts(aes)) passed alg: self-tests for ctr(aes-asm) (ctr(aes)) passed alg: self-tests for ctr(aes) (ctr(aes)) passed alg: self-tests for rfc3686(ctr(aes-asm)) (rfc3686(ctr(aes))) passed alg: self-tests for rfc3686(ctr(aes)) (rfc3686(ctr(aes))) passed alg: self-tests for sha384 (sha384) passed alg: self-tests for sha512 (sha512) passed alg: self-tests for crc32c (crc32c) passed alg: self-tests for sha224 (sha224) passed alg: self-tests for ccm_base(ctr(aes-asm),aes-asm) (ccm(aes)) passed alg: self-tests for ccm(aes) (ccm(aes)) passed alg: self-tests for rfc4309(ccm_base(ctr(aes-asm),aes-asm)) (rfc4309(ccm(aes))) passed alg: self-tests for rfc4309(ccm(aes)) (rfc4309(ccm(aes))) passed alg: self-tests for hmac(sha1-generic) (hmac(sha1)) passed alg: self-tests for hmac(sha1) (hmac(sha1)) passed alg: self-tests for hmac(sha256-generic) (hmac(sha256)) passed alg: self-tests for hmac(sha256) (hmac(sha256)) passed alg: self-tests for hmac(sha384-generic) (hmac(sha384)) passed alg: self-tests for hmac(sha384) (hmac(sha384)) passed alg: self-tests for hmac(sha512-generic) (hmac(sha512)) passed alg: self-tests for hmac(sha512) (hmac(sha512)) passed alg: self-tests for hmac(sha224-generic) (hmac(sha224)) passed alg: self-tests for hmac(sha224) (hmac(sha224)) passed alg: self-tests for ansi_cprng (ansi_cprng) passed dracut: All initrd crypto checks done dracut: Starting plymouth daemon The fix is correct.
*** This bug has been marked as a duplicate of bug 670925 ***