RHEL-61184

[RHEL9]: clevis: v21 breaks tang functionality at boot time

    • clevis-21-202.el9
    • No
    • Critical
    • 1
    • sst_security_special_projects
    • ssg_security
    • Red Hat Enterprise Linux
    • SECENGSP Cycle 10

      As discovered in v21, recent PKCS#11 changes are breaking Tang functionality at boot time.

      For more information about the failing scenario, see the following links:
      https://github.com/cockpit-project/cockpit/issues/21048
      https://bodhi.fedoraproject.org/updates/FEDORA-2024-5f97e1176b

      Steps to reproduce

      1. Install clevis-21-1.el9.x86_64
      2. Configure clevis to use the tang pin and execute dracut
      3. Reboot machine

      Expected results

      Clevis should boot automatically

      Actual results

      The machine gets blocked with the message: "Detected empty PKCS#11 device, redetect (Y/N)?:"

            pkoncity2 Patrik Končitý
            sarroutb@redhat.com Sergio Arroutbi
            Sergio Correia Sergio Correia
            SSG Security QE SSG Security QE