Sorry if you see this twice, I may have goofed:

Hey,

So I was playing around with trying to get a CentOS 6.5 system FIPS-140 compliant. However, my system panics because it cannot find the hmac file associated with my kernel. It's basically as what is going on is described in this bug report:

https://bugzilla.redhat.com/show_bug.cgi?id=805538

The /sbin/fips.sh script in the initramfs there is a bit of code:

    if ! [ -e "/boot/.vmlinuz-${KERNEL}.hmac" ]; then
        warn "/boot/.vmlinuz-${KERNEL}.hmac does not exist"
        return 1
    fi

But that file does exist on the system. I guess the initramfs may not see the /boot directory on the system? Or is it trying to look for /boot inside the initramfs? If so that would explain my problem. I haven't verified any of this yet. But seems like /boot ought to be mounted for the system... anyone know of a fix for this?

--
Dale Harris
rodmur at maybe.org
rodmur at gmail.com
/.-)
I don't have expertise on this issue, but it would be interesting if that bit of shell script there were adjusted to also print out the fstab and possibly other diagnostic information relevant to the problem. That way, you might get a clue as to where /boot is coming from.

Then again, I'm not even sure if that is something you can edit with your current situation. You did say the system was unbootable. It's probably an edit you'd need to make while mounting the hard disk from another system, like a live CD for example.

On Sunday, April 20, 2014, Dale Harris <rodmur at gmail.com> wrote:
> Sorry if you see this twice, I may have goofed:
>
> Hey,
>
> So I was playing around with trying to get a CentOS 6.5 system
> FIPS-140 compliant. However, my system panics because it cannot find
> the hmac file associated with my kernel. It's basically as what is
> going on is described in this bug report:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=805538
>
> The /sbin/fips.sh script in the initramfs there is a bit of code:
>
>     if ! [ -e "/boot/.vmlinuz-${KERNEL}.hmac" ]; then
>         warn "/boot/.vmlinuz-${KERNEL}.hmac does not exist"
>         return 1
>     fi
>
> But that file does exist on the system. I guess the initramfs may not
> see the /boot directory on the system? Or is it trying to look for
> /boot inside the initramfs? If so that would explain my problem. I
> haven't verified any of this yet. But seems like /boot ought to be
> mounted for the system... anyone know of a fix for this?
>
> --
> Dale Harris
> rodmur at maybe.org
> rodmur at gmail.com
> /.-)

--
- EJR
On Apr 20, 2014, at 8:01 PM, Dale Harris <rodmur at gmail.com> wrote:
> But that file does exist on the system. I guess the initramfs may not
> see the /boot directory on the system? Or is it trying to look for
> /boot inside the initramfs? If so that would explain my problem. I
> haven't verified any of this yet. But seems like /boot ought to be
> mounted for the system... anyone know of a fix for this?

Is /boot a separate filesystem? If so, I would check to see if it is actually mounted as /boot from the initramfs. It might just be /, at least until the initramfs is unmounted and the root filesystem is mounted on top of it. That's what I'd look for.

/boot separate filesystem == it's / on initial boot
/boot part of / == it's /boot on initial boot.

--Russell
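
A way to run the check suggested in the replies above against the installed disk (for example mounted from a live CD), as an added example that is not part of the original thread. It reads an fstab and a kernel command line and reports whether /boot is a separate filesystem that the initramfs has not been told about. The `boot=` kernel parameter comes from Red Hat's FIPS documentation, not from this thread; the function names are hypothetical and the sample data is constructed.

```shell
#!/bin/sh
# Added example: can the initramfs FIPS check find /boot/.vmlinuz-*.hmac?
# Takes file paths so it can be pointed at a disk mounted from rescue media.

# Print the device fstab mounts on /boot, or nothing if /boot is part of /.
boot_device_from_fstab() {
    # Skip commented lines; field 2 is the mount point.
    awk '$1 !~ /^#/ && $2 == "/boot" { print $1; exit }' "$1"
}

# Print the value of boot= on the kernel command line, or nothing.
boot_param_from_cmdline() {
    tr ' ' '\n' < "$1" | sed -n 's/^boot=//p' | head -n 1
}

# Classify the configuration. Prints one of:
#   fips-off          fips=1 is not on the command line
#   same-fs           /boot lives on the root filesystem
#   separate-ok       /boot is separate and boot= names a device
#   separate-missing  /boot is separate but no boot= is given
check_fips_boot() {
    fstab=$1; cmdline=$2
    if ! tr ' ' '\n' < "$cmdline" | grep -qx 'fips=1'; then
        echo "fips-off"; return 0
    fi
    dev=$(boot_device_from_fstab "$fstab")
    param=$(boot_param_from_cmdline "$cmdline")
    if [ -z "$dev" ]; then
        echo "same-fs"
    elif [ -n "$param" ]; then
        echo "separate-ok"
    else
        echo "separate-missing"
    fi
}

# Constructed sample input (not taken from the poster's system).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'UUID=aaaa / ext4 defaults 1 1' \
                  '/dev/sda1 /boot ext4 defaults 1 2' > "$d/fstab"
    echo 'ro root=/dev/mapper/vg-root fips=1 rhgb quiet' > "$d/cmdline"
    check_fips_boot "$d/fstab" "$d/cmdline"
    rm -rf "$d"
}
demo
```

On a disk mounted at a hypothetical /mnt/sysimage, the inputs would be /mnt/sysimage/etc/fstab and a file holding the kernel line copied from the GRUB configuration.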