Red Hat Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

  • Comments

    • RHEL8.3 Won't Boot After Kickstart

    Posted on

    I ran into a strange issue trying to build a RHEL8.3 box from a kickstart and wanted to put this out for anyone having the same problem.

    TLDR; If you enable FIPS in your kickstart (bootloader --location=mbr --append="fips=1"), you need to include fips=1 in the kernel boot options when you start the install.

    I am not really sure what has changed between 8.2 and 8.3 but the kickstart I used to build a RHEL8.2 box would not work for RHEL8.3.

    Just after install, my freshly minted RHEL8.3 box would hang. It did so very similarly to what is described here: https://access.redhat.com/discussions/2598541

    I noticed at the very beginning of my install, there were error messages saying certain modules could not be found.

    dracut-pre-trigger[252]: modprobe: FATAL: Module sha1 not found.
dracut-pre-trigger[252]: modprobe: FATAL: Module sha256 not found.

    This led me to this post: https://access.redhat.com/solutions/2853221
    Now Red Hat says the errors can be ignored, but if you read the last 2 comments, Renaud Metrich asks about boot options:


    12 December 2018 1:46 PM
Margaret (Peg) McCartney

The error messages cannot be disregarded. In my case, they are followed by: dracut: FATAL: FIPS integrity test failed dracut: Refusing to continue dracut-pre-trigger[295]: Warning: /boot/.vmlinuz-3.10.0-957.1.3.el7.x86_64.hmac does not exist System halted After the latest RHEL7 patches, the system will not boot

    reply

12 December 2018 2:02 PM
Renaud Metrich

I believe this has nothing to do with the messages, please show us the kernel command line arguments. This looks like you didn't specify "boot=" parameter

    This got me thinking. I had recently ran into a somewhat related issue a few weeks back. When I would enable FIPS and LUKS on a RHEL8.2 box in my kickstart, and I did not include fips=1 in the kernel boot options during install, the OS would not accept my LUKS password and the install was essentially dead in the water.

    With this in mind, I went back to my dead 8.3 box and set the kernel boot option to fips=0. Guess what; It booted.

    So I took this a step further and added fips=1 to the kernel boot option during the install. Guess what; the machine no longer hung and booted as expected.

    In my kickstart, I enable FIPS like this:

    bootloader --location=mbr --append="fips=1"

    kernel boot options would look something like this:

    inst.ks=http:192.168.100.1:80/kickstart.cfg RUNKS=1 fips=1

    You would think that setting --append="fips=1" in your kickstart is enough to enable FIPS, but sadly it is not.

    I hope this helps someone else.

    by

    points

    Responses

    Red Hat LinkedIn YouTube Facebook X, formerly Twitter

    Quick Links

    Help

    Site Info

    Related Sites

    © 2025 Red Hat