FIPS Integrity Check Fails on Boot after dracut -f invoked

Comments

We have recently been trying to implement LUKS auto unlocking in our environment. Currently, we are trying to use clevis tpm2. We have to comply with DISA STIG items, so FIPS=1 is a must.

Whenever I implement the clevis bind to slot 5 of all of my partitions,do a dracut -f on my initramfs, and reboot, I get a:

"FIPS Integrity Check Failed
Halting System"

Research is telling me to ensure the kernel_cmdline is including boot=/dev/nvme0n1x, and it is. I have to boot into the old kernel and uninstall/reinstall the new one to get back to normal, or restore from a backup of my initramfs.img. How do I go about figuring out the root cause of this failure?

Started 2020-10-21T11:24:27+00:00 by

Joshua Tracy

Newbie 5 points

Responses

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)

Select Your Language

FIPS Integrity Check Fails on Boot after dracut -f invoked

Responses

Quick Links

Help

Site Info

Related Sites

About

Red Hat legal and privacy links

Red Hat legal and privacy links

Responses

Quick Links

Help

Site Info

Related Sites

Systems Status

About

Red Hat legal and privacy links

Red Hat legal and privacy links