[Bug 800993] New: Tomoyo Linux cannot be activated on a trusted grub 64 bit install with LVM and LUKS encryption, boot freezes with Kernel panic and error message
https://bugzilla.novell.com/show_bug.cgi?id=800993
https://bugzilla.novell.com/show_bug.cgi?id=800993#c0

Summary: Tomoyo Linux cannot be activated on a trusted grub 64 bit install with LVM and LUKS encryption, boot freezes with Kernel panic and error message
Classification: openSUSE
Product: openSUSE 12.2
Version: Final
Platform: x86-64
OS/Version: openSUSE 12.2
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: stakanov@freenet.de
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0

This is a completely new install.
3.4.11-2.16-desktop #1 SMP PREEMPT Wed Sep 26 17:05:00 UTC 2012 (259fc87) x86_64 x86_64 x86_64 GNU/Linux
with KDE 8.5 and installation in LUKS encrypted LVM and trusted grub on a machine with TPM-chip.

When having installed the tomoyo-tools (2.4.0.20110929-83.1.2) and starting the machine with security=tomoyo, if done by editing by hand, after a short stop, the system starts without tomoyo working. No behavior is recorded.
If putting security=tomoyo into the boot parameter then the system after having mounted the encrypted LVM gives the following error (after asking repeatedly again for the password to mount and blocks):
"Kernel Panik (followed by a few lines of number sequences) then: Profile V.2.5 must be initialized. Module 20100903 not supported".
A similar behavior is actually described on the Tomoyo site if a wrong tool module is used to initialize Tomoyo.

Reproducible: Always

Steps to Reproduce:
1. Install opensuse 64 with encrypted Luks encrypted LVM.
2. Install tomoyo-tools, run the initialization, set the domain transition editor of the kernel to zone 1 (as in the nice video on youtube or on the Tomoyo Linux site).
3. Activate the option "security=tomoyo".
4. Reboot

Actual Results:
The system, if the parameter is set by hand, blocks but then starts without tomoyo working. The editor records nothing.
If the parameter is set within yast to the bootloader, the system is halted with kernel panic and the error message as of above.

Expected Results:
Tomoyo should be activated in the kernel, it should boot and record the behavior in the editor when the editor is started.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=800993#c1

--- Comment #1 from Stakanov Schufter <stakanov@freenet.de> 2013-01-29 12:13:25 UTC ---
Created an attachment (id=522431)
 --> (http://bugzilla.novell.com/attachment.cgi?id=522431)
screenshot of kernelpanic

contains the text of the kernelpanic occurring when trying to enable tomoyo.

https://bugzilla.novell.com/show_bug.cgi?id=800993#c2

--- Comment #2 from Stakanov Schufter <stakanov@freenet.de> 2013-01-29 12:20:32 UTC ---
I controlled, the directory tomoyo seems to be correctly built. It is there with the files (that if you wish I can attach as zip).
I tried to rename to tomoyo-old and to run again the initialization. Does build without error again but then the result is exactly the same.
When there should be "doing fast boot" there is instead a very brief error message about:
- device recognition failed or similar, bearing, I believe, also the number 64.
The password is accepted correctly and the system volumes are seen. The rest you can follow (a bit blurred, I admit) on the photo.

https://bugzilla.novell.com/show_bug.cgi?id=800993#c3

--- Comment #3 from Stakanov Schufter <stakanov@freenet.de> 2013-01-29 12:36:22 UTC ---
The correct error that shows is:
- device descriptor read error
then the boot process begins (normally and up to after mounting the encrypted LVM)

https://bugzilla.novell.com/show_bug.cgi?id=800993#c4

--- Comment #4 from Marcus Meissner <meissner@suse.com> 2013-01-29 12:39:37 UTC ---
I think I need to just update tomoyo-tools to 2.5.0-20120805.

I have done this in the security OBS project already and will push it towards 12.3.

https://bugzilla.novell.com/show_bug.cgi?id=800993#c5

--- Comment #5 from Marcus Meissner <meissner@suse.com> 2013-01-29 12:40:23 UTC ---
and is this 12.2? or 12.3?

https://bugzilla.novell.com/show_bug.cgi?id=800993#c6

--- Comment #6 from Stakanov Schufter <stakanov@freenet.de> 2013-01-29 13:04:04 UTC ---
Well, this is in the title. 12.2 64bit
OS: 12.2 fresh install, only repos are OSS, NOSS and update. Nothing else.
The laptop is a Lenovo X201.

https://bugzilla.novell.com/show_bug.cgi?id=800993#c7

--- Comment #7 from Stakanov Schufter <stakanov@freenet.de> 2013-01-29 13:08:21 UTC ---
btw, I was told not to use the security repos. So it would be nice to have the 12.2 regular repos updated with it because the last time using the repo it wrecked my system triggering the install of cryptsetup-mkinitrd (and the one of other OP as well).

https://bugzilla.novell.com/show_bug.cgi?id=800993#c8

Stakanov Schufter <stakanov@freenet.de> changed:

What   |Removed |Added
----------------------------------------------------------------------------
Status |NEW     |ASSIGNED

--- Comment #8 from Stakanov Schufter <stakanov@freenet.de> 2013-01-29 13:19:05 UTC ---
marking bug as assigned, I suppose

https://bugzilla.novell.com/show_bug.cgi?id=800993#c9

Marcus Meissner <meissner@suse.com> changed:

What       |Removed                                   |Added
----------------------------------------------------------------------------
AssignedTo |bnc-team-screening@forge.provo.novell.com |meissner@suse.com

--- Comment #9 from Marcus Meissner <meissner@suse.com> 2013-01-30 15:49:17 UTC ---
unless it is assigned to someone it does not help.

but I am the maintainer, so assign to me

https://bugzilla.novell.com/show_bug.cgi?id=800993#c10

--- Comment #10 from Stakanov Schufter <stakanov@freenet.de> 2013-03-13 08:48:39 UTC ---
any hope that this will come in the regular repos for 12.2 after the release of 12.3?

https://bugzilla.novell.com/show_bug.cgi?id=800993#c11

Marcus Meissner <meissner@suse.com> changed:

What       |Removed  |Added
----------------------------------------------------------------------------
Status     |ASSIGNED |RESOLVED
Resolution |         |FIXED

--- Comment #11 from Marcus Meissner <meissner@suse.com> 2013-03-13 16:21:20 UTC ---
submitted a maintenance request for 12.2 too.

https://bugzilla.novell.com/show_bug.cgi?id=800993#c12

--- Comment #12 from Swamp Workflow Management <swamp@suse.de> 2013-03-19 15:05:17 UTC ---
openSUSE-RU-2013:0484-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 800993
CVE References:
Sources used:
openSUSE 12.2 (src): tomoyo-tools-2.5.0.20120805-83.4.1