I have a Dell PowerEdge R7425 with Intel NVME P4500/P4510 NVME drives.
On the 3.10 kernel, the NVME drives throw I/O errors very frequently, and these errors have led to a system halt once already.
I decided to test a newer kernel from the elrepo, and this seemed to resolved the NVME errors entirely.
However, the kernel will only boot when "fips=0" is set, which isn't acceptable to my organization.
When booting with "fips=1" in kernel options, the system fails the FIPS integrity test.
The following is displayed on the console prior to the system halting:
alg: skcipher: Failed to load transform for ecb (cast5): -2
The same skcipher message is also displayed for the following:
cbc, ctr, pcbc
Additionally, the following messages are displayed as well:
alg: hash: Failed to load transform for tgr192: -2
The same hash message is also displayed for the following:
tgr160, tgr128, sha3-224, sha3-256, sha3-384, sha3-512, sm3, xcbc, vmac64, and hmac.
finally, the following is displayed:
tcrypt: one or more tests failed!
dracut: FATAL: FIPS integrity test failed
dracut: Refusing to continue
This has been tested with the following kernels:
4.4.169-1.el7.elrepo.x86_64
4.19.12-1.el7.elrepo.x86_64
The following RPMs for dracut and fips are installed:
dracut-network-033-535.el7.x86_64
dracut-fips-033-535.el7.x86_64
dracut-config-rescue-033-535.el7.x86_64
dracut-033-535.el7.x86_64
fipscheck-lib-1.4.1-6.el7.x86_64
fipscheck-1.4.1-6.el7.x86_64
The following is in /etc/dracut.conf:
omit_dracutmodules+="systemd"
add_dracutmodules+="fips "
