Bug 700102 – Add multipath to the list of limitations of mkinitrd's FIPS support in the man page

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 700102 - Add multipath to the list of limitations of mkinitrd's FIPS support in the man page

Summary:	Add multipath to the list of limitations of mkinitrd's FIPS support in the ma...

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	mkinitrd (Show other bugs)
Sub Component:
Version:	5.8
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	rc
Target Release:	5.8
Assigned To:	Brian Lane
QA Contact:	Release Test Team
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:	726828
	Show dependency tree / graph

Reported:	2011-04-27 09:16 EDT by Jason Willeford
Modified:	2012-02-21 00:34 EST (History)
CC List:	4 users (show)

See Also:
Fixed In Version:	mkinitrd-5.1.19.6-72
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2012-02-21 00:34:26 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2012:0157	normal	SHIPPED_LIVE	mkinitrd bug fix update	2012-02-20 09:54:17 EST

Groups: None (edit)

Description Jason Willeford 2011-04-27 09:16:25 EDT

Description of problem:
There are a number of limitations documented in mkinitrd's man page, multipath needs to be added to that list.  mkinitrd will not build with FIPS enabled if /boot is on a multipath device.

Comment 1 RHEL Product and Program Management 2011-08-05 08:31:49 EDT

This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 2 Leon Fauster 2011-09-02 12:21:54 EDT

Problem:
mkinitrd will also not build with FIPS enabled if /boot is on a dmraid device

Comment 3 Leon Fauster 2011-09-02 12:47:21 EDT

to clarify: the initrd will be build but the boot process will fail because the boot partition can not
be mounted (to verify vmlinuz.hmac). 

to boot my system i changed the sequence of the init script (packaged in initrd) 
to initialize the dm device before the sha512hmac-checks are performed.

Comment 4 Brian Lane 2011-09-08 13:48:41 EDT

Paulo, that sounds like something we might be able to fix. Could you open a different bug with details on the problem and how you fixed it?

Comment 5 Leon Fauster 2011-09-09 10:35:25 EDT

https://bugzilla.redhat.com/show_bug.cgi?id=737081

Comment 7 Jan Stodola 2012-01-02 03:36:23 EST

[root@chicken ~]# rpm -q mkinitrd
mkinitrd-5.1.19.6-75.el5

'man mkinitrd' says:

FIPS
...
       /boot  Must not be on multipath, nfs, dmraid or mdraid


Moving to VERIFIED.

Comment 8 errata-xmlrpc 2012-02-21 00:34:26 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0157.html

Note You need to log in before you can comment on or make changes to this bug.