Normally, I do not carry out major maintenance on Friday. If something goes wrong it will ruin your whole weekend. I’ve been enabling FIPS on all Red Hat servers to be RMF compliant.
Red Hat 7 with efi enabled.
1.yum install dracut-fips
2.dracut-force --verbose
3.BOOT="UUID=${findmnt -no uuid /boot}"
4./usr/bin/sed -i "s/rhgb/rhgb boot=${BOOT} fips=1/" /etc/deafult/grub
5.grub2-mkconfig -o /etc/grub2-efi.cfg
To verify if fips is enabled:
#sysctl crypto.fips_enabled
crypto.fiips_enabled=1 (this means it is enabled)
While enabling on one of the servers, I missed step three .On the grub2-efi-cf boot=UUID was null. When I rebooted I got the following errors:After entering the lux password, error “Error allocating crypto tfm, Failed to start Cryptography setup and failed to reboot.
I opted to reboot the server using Red Hat DVD iso to rescue mode and make changes to the grub configuration.
- Once you boot to Red Hat 7 dvd, you will be presented with three options on the grub menu, and choose Troubleshooting.
- At the next screen, select the option Rescue a Red Hat system.
- On the next screen, choose 3) skip to shell.
- Mount the boot parition
mount /dev/sda1 /mnt/sysimage- Get the UUID of /dev/sda1
Look up data on /dev/sda1:#sudo blkid /dev/sda1 /dev/sda1: UUID="736cac18-044b-4504-87f1-a5aefa774bdd" TYPE="ext3"
Show UUID data for all partitions:
# sudo blkid /dev/sda1: UUID="736cac18-044b-4504-87f1-a5aefa774bda" TYPE="ext3" /dev/sdb: UUID="762c4aa9-963d-4467-8cd0-d58caaacaff4" TYPE="ext3"
5. Edit /boot/grub2/grub.cnf and add the above UUID on the first menu where boot=UUID =
736cac18-044b-4504-87f1-a5aefa774bdd. Save the file and reboot the server.
- Get the UUID of /dev/sda1
