[CentOS] Kernel panic when booting into FIPS mode

Evan Rowley rowley.evan at gmail.com
Mon Apr 21 03:59:35 UTC 2014


I don't have expertise on this issue, but it would be interesting if that
bit of shell script there were adjusted to also print out the fstab and
possibly other diagnostic information relevant to the problem. That way,
you might get a clue as to where /boot is coming from. Then again, I'm not
even sure if that is something you can edit with your current situation.
You did say the system was unbootable.  It's probably an edit you'd need to
make while mounting the hard disk from another system, like a live cd for
example.

On Sunday, April 20, 2014, Dale Harris <rodmur at gmail.com> wrote:

> Sorry if you see this twice, I may have goofed:
>
> Hey,
>
> So I was playing around with trying to get a CentOS 6.5 system
> FIPS-140 complaint. However, my system panics because it cannot find
> the hmac file associated with my kernel.  It's basically as what is
> going on is described in this bug report:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=805538
>
> The /sbin/fips.sh script in the initramfs there is a bit of code:
>
> if ! [ -e "/boot/.vmlinuz-${KERNEL}.hmac" ]; then
>     warn "/boot/.vmlinuz-${KERNEL}.hmac does not exist"
>     return 1
> fi
>
> But that file does exist on the system.  I guess the initramfs may not
> see the /boot directory on the system?  Or is it trying to look for
> /boot inside the initramfs? If so that would explain my problem. I
> haven't verified any of this yet. But seems like /boot ought to be
> mounted for the system... anyone know of a fix for this?
>
>
> --
> Dale Harris
> rodmur at maybe.org <javascript:;>
> rodmur at gmail.com <javascript:;>
> /.-)
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org <javascript:;>
> http://lists.centos.org/mailman/listinfo/centos
>


-- 
 - EJR



More information about the CentOS mailing list