LUKS encrypted system fails to boot after enabling fips

Solution Verified - Updated -

Issue

  • Enabling fips on a LUKS encrypted system causes the system to be unable to boot. We see the following errors when booting the system:
[FAILED] Failed to start Cryptography Setup for luks-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. 
See 'systemctl status "systemd-cryptsetup@luks\\xxxxxxxxxx\\xxxxxxx\\xxxxxxxx\\xxxxxxx\\xxxxxxxxxxxxxxxx.service"' for details.
[DEPEND] Dependency failed for Local Encrypted Volumes.
  • After pausing on the above error for a short period of time we eventually see the following and end up in rescue mode
dracut-initqueue[272]: Warning: dracut-initqueue timeout - starting timeout scripts
Warning: /dev/mapper/rhel-root does not exist
Warning:/dev/rhel/root does not exist
Warning:/dev/rhel/swap does not exist

Environment

  • Red Hat Enterprise Linux 7

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content