https://bugzilla.suse.com/show_bug.cgi?id=1207892 https://bugzilla.suse.com/show_bug.cgi?id=1207892#c1 Antonio Feijoo <antonio.feijoo@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |antonio.feijoo@suse.com, | |security-team@suse.de Flags| |needinfo?(security-team@sus | |e.de) --- Comment #1 from Antonio Feijoo <antonio.feijoo@suse.com> --- (In reply to Dominique Leuenberger from comment #0)

## Expected result

Last good: [20221126](https://openqa.opensuse.org/tests/2908533) (or more recent)

Correction, last good: [20230201] (https://openqa.opensuse.org/tests/3089441) No "dracut: fips integrity check failed" error in step/fips_setup/22 between snapshots 20221216 and 20230201. Also, no dracut changes since 20230126 (059+suse.360.g2e0ed5f7), fix for bug 1206431. FWIW, debug output for 20230202:

+ do_fips ++ uname -r + KERNEL=6.1.8-1-default + getarg rd.fips.skipkernel + debug_off + set +x + return 1 + fips_info 'Checking integrity of kernel' + echo 'Checking integrity of kernel' Checking integrity of kernel + '[' -e /run/initramfs/live/vmlinuz0 ']' + '[' -e /run/initramfs/live/isolinux/vmlinuz0 ']' + '[' -e /run/install/repo/images/pxeboot/vmlinuz ']' ++ getarg BOOT_IMAGE ++ debug_off ++ set +x ++ return 0 + BOOT_IMAGE=/boot/vmlinuz-6.1.8-1-default ++ echo /boot/vmlinuz-6.1.8-1-default ++ sed 's/^(.*)//' + BOOT_IMAGE=/boot/vmlinuz-6.1.8-1-default + BOOT_IMAGE_NAME=vmlinuz-6.1.8-1-default + BOOT_IMAGE_PATH=/boot/ + local _vmname ++ get_vmname ++ local _vmname ++ case "$(uname -m)" in +++ uname -m ++ _vmname=vmlinuz ++ echo vmlinuz + _vmname=vmlinuz + '[' -z vmlinuz-6.1.8-1-default ']' + '[' -e /boot//boot///boot/vmlinuz-6.1.8-1-default ']' + BOOT_IMAGE_PATH=/ + '[' -e /boot///vmlinuz-6.1.8-1-default ']' + BOOT_IMAGE_HMAC=/boot///.vmlinuz-6.1.8-1-default.hmac + '[' -e /boot///.vmlinuz-6.1.8-1-default.hmac ']' + BOOT_IMAGE_KERNEL=/boot//vmlinuz-6.1.8-1-default + '[' -e /boot//vmlinuz-6.1.8-1-default ']' ++ fipscheck ++ FIPSCHECK=/usr/lib64/libkcapi/fipscheck ++ '[' '!' -f /usr/lib64/libkcapi/fipscheck ']' ++ FIPSCHECK=/usr/lib/libkcapi/fipscheck ++ '[' '!' -f /usr/lib/libkcapi/fipscheck ']' ++ FIPSCHECK=/usr/bin/fipscheck ++ echo /usr/bin/fipscheck + '[' -n /usr/bin/fipscheck ']' ++ fipscheck ++ FIPSCHECK=/usr/lib64/libkcapi/fipscheck ++ '[' '!' -f /usr/lib64/libkcapi/fipscheck ']' ++ FIPSCHECK=/usr/lib/libkcapi/fipscheck ++ '[' '!' -f /usr/lib/libkcapi/fipscheck ']' ++ FIPSCHECK=/usr/bin/fipscheck ++ echo /usr/bin/fipscheck + /usr/bin/fipscheck /boot//vmlinuz-6.1.8-1-default + return 1

Manually calling fipscheck from the emergency shell:

sh-5.2# FIPSCHECK_DEBUG=stderr /usr/bin/fipscheck /boot/vmlinuz-6.1.8-1-default + FIPSCHECK_DEBUG=stderr + /usr/bin/fipscheck /boot/vmlinuz-6.1.8-1-default fipscheck: Failed to allocate memory for HMAC : No such file or directory sh-5.2# echo $? + echo 14 14 sh-5.2# FIPSCHECK_DEBUG=stderr /usr/bin/fipscheck /boot/vmlinuz-6.1.8-1-default + FIPSCHECK_DEBUG=stderr + /usr/bin/fipscheck /boot/vmlinuz-6.1.8-1-default fipscheck: Failed to allocate memory for HMAC : No such file or directory sh-5.2# echo $? + echo 14 14 sh-5.2# ls -la /boot/ total 16328 dr-xr-xr-x 1 root root 350 Feb 3 11:43 . drwxr-xr-x 1 root root 206 Feb 3 11:43 .. lrwxrwxrwx 1 root root 48 Feb 3 11:42 .vmlinuz-6.1.8-1-default.hmac -> ../usr/lib/modules/6.1.8-1-default/.vmlinuz.hmac lrwxrwxrwx 1 root root 45 Feb 3 11:42 System.map-6.1.8-1-default -> ../usr/lib/modules/6.1.8-1-default/System.map lrwxrwxrwx 1 root root 41 Feb 3 11:42 config-6.1.8-1-default -> ../usr/lib/modules/6.1.8-1-default/config drwxr-xr-x 1 root root 0 Feb 3 11:43 efi drwxr-xr-x 1 root root 98 Feb 3 11:43 grub2 lrwxrwxrwx 1 root root 22 Feb 3 11:42 initrd -> initrd-6.1.8-1-default -rw------- 1 root root 16685057 Feb 6 07:45 initrd-6.1.8-1-default -rw-r--r-- 1 root root 11 Feb 3 11:43 mbrid lrwxrwxrwx 1 root root 46 Feb 3 11:42 sysctl.conf-6.1.8-1-default -> ../usr/lib/modules/6.1.8-1-default/sysctl.conf lrwxrwxrwx 1 root root 23 Feb 3 11:42 vmlinuz -> vmlinuz-6.1.8-1-default lrwxrwxrwx 1 root root 42 Feb 3 11:42 vmlinuz-6.1.8-1-default -> ../usr/lib/modules/6.1.8-1-default/vmlinuz

-- You are receiving this mail because: You are on the CC list for the bug.