Description of problem: There are a number of limitations documented in mkinitrd's man page, multipath needs to be added to that list. mkinitrd will not build with FIPS enabled if /boot is on a multipath device.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Problem: mkinitrd will also not build with FIPS enabled if /boot is on a dmraid device
to clarify: the initrd will be build but the boot process will fail because the boot partition can not be mounted (to verify vmlinuz.hmac). to boot my system i changed the sequence of the init script (packaged in initrd) to initialize the dm device before the sha512hmac-checks are performed.
Paulo, that sounds like something we might be able to fix. Could you open a different bug with details on the problem and how you fixed it?
https://bugzilla.redhat.com/show_bug.cgi?id=737081
[root@chicken ~]# rpm -q mkinitrd mkinitrd-5.1.19.6-75.el5 'man mkinitrd' says: FIPS ... /boot Must not be on multipath, nfs, dmraid or mdraid Moving to VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0157.html