Antonio Feijoo changed bug 1207892
What Removed Added
CC   antonio.feijoo@suse.com, security-team@suse.de
Flags   needinfo?(security-team@suse.de)

Comment # 1 on bug 1207892 from
(In reply to Dominique Leuenberger from comment #0)
> ## Expected result
> 
> Last good: [20221126](https://openqa.opensuse.org/tests/2908533) (or more
> recent)

Correction, last good: [20230201](https://openqa.opensuse.org/tests/3089441)

No "dracut: fips integrity check failed" error in step/fips_setup/22 between
snapshots 20221216 and 20230201.

Also, dracut has not changed since 20230126 (059+suse.360.g2e0ed5f7, the fix for
bug 1206431), so a dracut change is presumably not what broke the check after
snapshot 20230201.

FWIW, debug output for 20230202:

> + do_fips
> ++ uname -r
> + KERNEL=6.1.8-1-default
> + getarg rd.fips.skipkernel
> + debug_off
> + set +x
> + return 1
> + fips_info 'Checking integrity of kernel'
> + echo 'Checking integrity of kernel'
> Checking integrity of kernel
> + '[' -e /run/initramfs/live/vmlinuz0 ']'
> + '[' -e /run/initramfs/live/isolinux/vmlinuz0 ']'
> + '[' -e /run/install/repo/images/pxeboot/vmlinuz ']'
> ++ getarg BOOT_IMAGE
> ++ debug_off
> ++ set +x
> ++ return 0
> + BOOT_IMAGE=/boot/vmlinuz-6.1.8-1-default
> ++ echo /boot/vmlinuz-6.1.8-1-default
> ++ sed 's/^(.*)//'
> + BOOT_IMAGE=/boot/vmlinuz-6.1.8-1-default
> + BOOT_IMAGE_NAME=vmlinuz-6.1.8-1-default
> + BOOT_IMAGE_PATH=/boot/
> + local _vmname
> ++ get_vmname
> ++ local _vmname
> ++ case "$(uname -m)" in
> +++ uname -m
> ++ _vmname=vmlinuz
> ++ echo vmlinuz
> + _vmname=vmlinuz
> + '[' -z vmlinuz-6.1.8-1-default ']'
> + '[' -e /boot//boot///boot/vmlinuz-6.1.8-1-default ']'
> + BOOT_IMAGE_PATH=/
> + '[' -e /boot///vmlinuz-6.1.8-1-default ']'
> + BOOT_IMAGE_HMAC=/boot///.vmlinuz-6.1.8-1-default.hmac
> + '[' -e /boot///.vmlinuz-6.1.8-1-default.hmac ']'
> + BOOT_IMAGE_KERNEL=/boot//vmlinuz-6.1.8-1-default
> + '[' -e /boot//vmlinuz-6.1.8-1-default ']'
> ++ fipscheck
> ++ FIPSCHECK=/usr/lib64/libkcapi/fipscheck
> ++ '[' '!' -f /usr/lib64/libkcapi/fipscheck ']'
> ++ FIPSCHECK=/usr/lib/libkcapi/fipscheck
> ++ '[' '!' -f /usr/lib/libkcapi/fipscheck ']'
> ++ FIPSCHECK=/usr/bin/fipscheck
> ++ echo /usr/bin/fipscheck
> + '[' -n /usr/bin/fipscheck ']'
> ++ fipscheck
> ++ FIPSCHECK=/usr/lib64/libkcapi/fipscheck
> ++ '[' '!' -f /usr/lib64/libkcapi/fipscheck ']'
> ++ FIPSCHECK=/usr/lib/libkcapi/fipscheck
> ++ '[' '!' -f /usr/lib/libkcapi/fipscheck ']'
> ++ FIPSCHECK=/usr/bin/fipscheck
> ++ echo /usr/bin/fipscheck
> + /usr/bin/fipscheck /boot//vmlinuz-6.1.8-1-default
> + return 1

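Manually calling fipscheck from the emergency shell also fails (exit status 14).
Despite the "allocate memory" wording, the appended errno text "No such file or
directory" suggests that a file lookup failed rather than an allocation. The
listing below does not show whether the targets of the relative symlinks in
/boot (the kernel and its .hmac file) exist in this environment: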

> sh-5.2# FIPSCHECK_DEBUG=stderr /usr/bin/fipscheck /boot/vmlinuz-6.1.8-1-default
> + FIPSCHECK_DEBUG=stderr
> + /usr/bin/fipscheck /boot/vmlinuz-6.1.8-1-default
> fipscheck: Failed to allocate memory for HMAC : No such file or directory
> sh-5.2# echo $?
> + echo 14
> 14
> sh-5.2# FIPSCHECK_DEBUG=stderr /usr/bin/fipscheck /boot/vmlinuz-6.1.8-1-default
> + FIPSCHECK_DEBUG=stderr
> + /usr/bin/fipscheck /boot/vmlinuz-6.1.8-1-default
> fipscheck: Failed to allocate memory for HMAC : No such file or directory
> sh-5.2# echo $?
> + echo 14
> 14
> sh-5.2# ls -la /boot/
> total 16328
> dr-xr-xr-x 1 root root      350 Feb  3 11:43 .
> drwxr-xr-x 1 root root      206 Feb  3 11:43 ..
> lrwxrwxrwx 1 root root       48 Feb  3 11:42 .vmlinuz-6.1.8-1-default.hmac -> ../usr/lib/modules/6.1.8-1-default/.vmlinuz.hmac
> lrwxrwxrwx 1 root root       45 Feb  3 11:42 System.map-6.1.8-1-default -> ../usr/lib/modules/6.1.8-1-default/System.map
> lrwxrwxrwx 1 root root       41 Feb  3 11:42 config-6.1.8-1-default -> ../usr/lib/modules/6.1.8-1-default/config
> drwxr-xr-x 1 root root        0 Feb  3 11:43 efi
> drwxr-xr-x 1 root root       98 Feb  3 11:43 grub2
> lrwxrwxrwx 1 root root       22 Feb  3 11:42 initrd -> initrd-6.1.8-1-default
> -rw------- 1 root root 16685057 Feb  6 07:45 initrd-6.1.8-1-default
> -rw-r--r-- 1 root root       11 Feb  3 11:43 mbrid
> lrwxrwxrwx 1 root root       46 Feb  3 11:42 sysctl.conf-6.1.8-1-default -> ../usr/lib/modules/6.1.8-1-default/sysctl.conf
> lrwxrwxrwx 1 root root       23 Feb  3 11:42 vmlinuz -> vmlinuz-6.1.8-1-default
> lrwxrwxrwx 1 root root       42 Feb  3 11:42 vmlinuz-6.1.8-1-default -> ../usr/lib/modules/6.1.8-1-default/vmlinuz

