Sorry if you see this twice, I may have goofed:
Hey,
So I was playing around with trying to get a CentOS 6.5 system
FIPS-140 compliant. However, my system panics because it cannot find
the hmac file associated with my kernel.  What is going on is
basically as described in this bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=805538
In the /sbin/fips.sh script in the initramfs there is a bit of code:
if ! [ -e "/boot/.vmlinuz-${KERNEL}.hmac" ]; then
    warn "/boot/.vmlinuz-${KERNEL}.hmac does not exist"
    return 1
fi
But that file does exist on the system.  I guess the initramfs may not
see the /boot directory on the system?  Or is it trying to look for
/boot inside the initramfs? If so that would explain my problem. I
haven't verified any of this yet. But seems like /boot ought to be
mounted for the system... anyone know of a fix for this?
-- 
Dale Harris
rodmur at maybe.org
rodmur at gmail.com
/.-)

I don't have expertise on this issue, but it would be interesting if
that bit of shell script there were adjusted to also print out the
fstab and possibly other diagnostic information relevant to the
problem. That way, you might get a clue as to where /boot is coming
from.

Then again, I'm not even sure if that is something you can edit with
your current situation. You did say the system was unbootable. It's
probably an edit you'd need to make while mounting the hard disk from
another system, like a live CD for example.

On Sunday, April 20, 2014, Dale Harris <rodmur at gmail.com> wrote:
> Sorry if you see this twice, I may have goofed:
>
> Hey,
>
> So I was playing around with trying to get a CentOS 6.5 system
> FIPS-140 compliant. However, my system panics because it cannot find
> the hmac file associated with my kernel.  What is going on is
> basically as described in this bug report:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=805538
>
> In the /sbin/fips.sh script in the initramfs there is a bit of code:
>
> if ! [ -e "/boot/.vmlinuz-${KERNEL}.hmac" ]; then
>     warn "/boot/.vmlinuz-${KERNEL}.hmac does not exist"
>     return 1
> fi
>
> But that file does exist on the system.  I guess the initramfs may not
> see the /boot directory on the system?  Or is it trying to look for
> /boot inside the initramfs? If so that would explain my problem. I
> haven't verified any of this yet. But seems like /boot ought to be
> mounted for the system... anyone know of a fix for this?
>
> --
> Dale Harris
> rodmur at maybe.org
> rodmur at gmail.com
> /.-)

--
- EJR

On Apr 20, 2014, at 8:01 PM, Dale Harris <rodmur at gmail.com> wrote:
>
> But that file does exist on the system.  I guess the initramfs may not
> see the /boot directory on the system?  Or is it trying to look for
> /boot inside the initramfs? If so that would explain my problem. I
> haven't verified any of this yet. But seems like /boot ought to be
> mounted for the system... anyone know of a fix for this?

Is /boot a separate filesystem?  If so, I would check to see if it is
actually mounted as /boot from the initramfs.  It might just be /, at
least until the initramfs is unmounted and the root filesystem is
mounted on top of it.  That's what I'd look for.

/boot separate filesystem == it's / on initial boot
/boot part of / == it's /boot on initial boot.

--Russell
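
The checks suggested in the two replies above, as an added example (not code from the thread or from dracut's fips.sh): it reads an fstab and a kernel command line and flags the case where /boot is its own filesystem but no boot= argument tells the initramfs which device holds it, which Red Hat's FIPS documentation says must be added when /boot is a separate partition. The function names, exit codes and sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch; not taken from dracut's fips.sh or from the thread.
# Function names and exit codes are assumptions made for this example.

# Print the device fstab lists for /boot, or nothing if /boot is part of /.
boot_fs_device() {   # $1 = fstab path
    awk '$1 !~ /^#/ && $2 == "/boot" { print $1; exit }' "$1"
}

# Print the value of the boot= kernel argument, or nothing if it is absent.
cmdline_boot_arg() { # $1 = file in /proc/cmdline format
    tr ' ' '\n' < "$1" | sed -n 's/^boot=//p' | head -n 1
}

# Usage: fips_boot_diagnose FSTAB CMDLINE BOOTDIR KERNEL
# Returns 0 = consistent, 1 = hmac file missing, 2 = separate /boot, no boot=.
fips_boot_diagnose() {
    hmac="$3/.vmlinuz-$4.hmac"
    if ! [ -e "$hmac" ]; then
        echo "$hmac does not exist"
        return 1
    fi
    dev=$(boot_fs_device "$1")
    arg=$(cmdline_boot_arg "$2")
    if [ -n "$dev" ] && [ -z "$arg" ]; then
        echo "/boot is on $dev but the kernel command line has no boot= argument"
        return 2
    fi
    echo "hmac present; /boot device: ${dev:-same as /}; boot=${arg:-unset}"
    return 0
}

# Constructed sample: /boot on its own partition, boot= not passed to the kernel.
demo=$(mktemp -d)
printf '%s\n' '/dev/mapper/vg-root / ext4 defaults 1 1' \
              '/dev/sda1 /boot ext4 defaults 1 2' > "$demo/fstab"
printf '%s\n' 'ro root=/dev/mapper/vg-root fips=1 quiet' > "$demo/cmdline"
: > "$demo/.vmlinuz-SAMPLE.hmac"
fips_boot_diagnose "$demo/fstab" "$demo/cmdline" "$demo" SAMPLE || true
rm -rf "$demo"
# On a real host: fips_boot_diagnose /etc/fstab /proc/cmdline /boot "$(uname -r)"
```

Run from a rescue or live environment with the installed system's /etc/fstab and the kernel line from its grub.conf saved to a file, since the affected system does not finish booting.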