Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-61184

[RHEL9]: clevis: v21 breaks tang functionality at boot time

XMLWordPrintable

    • clevis-21-202.el9
    • No
    • Critical
    • 1
    • rhel-sst-security-special-projects
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • SECENGSP Cycle 10
    • None

      As it has been discovered in v21, recent PKCS#11 changes are breaking Tang functionality at boot time.

      For more information about failing scenario, please check next links:
      https://github.com/cockpit-project/cockpit/issues/21048
      https://bodhi.fedoraproject.org/updates/FEDORA-2024-5f97e1176b

       

      Steps to reproduce

      1. Install clevis-21-1.el9.x86_64
      2. Configure clevis to use tang pin and execute dracut
      3. Reboot machine

      Expected results

      Clevis should boot automatically

      Actual results

      Machine gets blocked with message: "Detected empty PKCS#11 device, redetect (Y/N)?:"

              pkoncity2 Patrik Končitý
              sarroutb@redhat.com Sergio Arroutbi
              Sergio Correia Sergio Correia
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: