self-tests for ecdh-nist-p256-generic (ecdh-nist-p256) failed in fips mode #1606

@dcasota

Describe the bug

I get the following kernel panic information when booting from a Ph6 beta nightly build.

Image

The issue appears with VMware-optimized and STIG-hardened settings only.

=========================================================================
Kernel                       | STIG hardening   | resulting boot behavior
-------------------------------------------------------------------------
generic                      |     no           | vm boots successfully
generic                      |     yes          | vm boots successfully
VMware hypervisor optimised  |     no           | vm boots successfully
VMware hypervisor optimised  |     yes          | vm boot fails
=========================================================================

Reproduction steps

  1. Make a build of the full ISO from branch 6.0, photon-5.0-b21a7d438.x86_64.iso, b21a7d4
  2. Create a new VM with the following settings [20gb harddisk, 8gb ram, boot from photon-5.0-b21a7d438.x86_64.iso, mbr boot]
  3. Ph6 setup: Install, Accept EULA, 20gb disk, Photon minimal, configure network automatically, VMware hypervisor optimised, apply STIG hardening yes, hostname, password twice, finish. Installation finishes successfully.
  4. Reboot.
    --
    Workstation vmware.log

Expected behavior

successful setup

Additional context

Observations

Case 1: Kernel: generic, STIG hardening: no

Image login window appears. Image

The kauditd hold queue overflow warning can be solved e.g. by adding audit_backlog_limit=8192 to /boot/photon.cfg.

if ! grep -q 'audit_backlog_limit=8192' /boot/photon.cfg; then
    sed -i.bak 's/audit=1/audit=1 audit_backlog_limit=8192/' /boot/photon.cfg
fi

Case 2: Kernel: generic, STIG hardening: yes

Image login window appears.

Case 2b: Kernel: generic, STIG hardening: yes, firmware type switched to uefi

Image login window appears.

Case 3: Kernel: VMware hypervisor-optimised, STIG hardening: no

Image login window appears. Image
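
The audit_backlog_limit edit under Case 1 appends the parameter whenever the exact string audit_backlog_limit=8192 is missing, so a file that already carries a different limit ends up with two. As an added example (not part of the original issue), the variant below rewrites an existing value and matches audit=1 only as a whole token. The photon_cmdline line in the demo is constructed sample input, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: idempotent audit_backlog_limit edit for a kernel
# command-line config. The file layout used in the demo is an assumption.

# set_audit_backlog FILE [LIMIT]
# Returns 0 if FILE now carries audit_backlog_limit=LIMIT, 1 if audit=1 is
# absent (file left untouched), 2 on bad arguments.
set_audit_backlog() {
    cfg=$1
    limit=${2:-8192}
    case $limit in
        ''|*[!0-9]*) echo "limit must be a number" >&2; return 2 ;;
    esac
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }

    if grep -Eq '(^|[ =])audit_backlog_limit=[0-9]+' "$cfg"; then
        # Parameter already set (possibly to another value): rewrite it in
        # place instead of appending a second copy.
        sed -i.bak -E "s/(^|[ =])audit_backlog_limit=[0-9]+/\\1audit_backlog_limit=${limit}/g" "$cfg"
    elif grep -Eq '(^|[ =])audit=1( |$)' "$cfg"; then
        # Match audit=1 only as a whole token, then append the limit after it.
        sed -i.bak -E "s/(^|[ =])audit=1( |\$)/\\1audit=1 audit_backlog_limit=${limit}\\2/" "$cfg"
    else
        echo "audit=1 not found in $cfg; nothing changed" >&2
        return 1
    fi
}

# Demo on a constructed file (not a real /boot/photon.cfg).
demo_set_audit_backlog() {
    tmp=$(mktemp)
    printf '%s\n' 'photon_cmdline=init=/lib/systemd/systemd ro loglevel=3 quiet audit=1' > "$tmp"
    # The second call leaves the line unchanged.
    set_audit_backlog "$tmp" 8192 && set_audit_backlog "$tmp" 8192
    cat "$tmp"
    rm -f "$tmp" "$tmp.bak"
}
demo_set_audit_backlog
```
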
