-
Bug
-
Resolution: Unresolved
-
Critical
-
rhel-10.0
-
clevis-21-2.el10
-
No
-
Critical
-
1
-
rhel-sst-security-special-projects
-
ssg_security
-
13
-
None
-
False
-
-
Yes
-
Red Hat Enterprise Linux
-
SECENGSP Cycle 10
-
Pass
-
Automated
-
Unspecified Release Note Type - Unknown
-
None
As it has been discovered in v21, recent PKCS#11 changes are breaking Tang functionality at boot time.
For more information about failing scenario, please check next links:
https://github.com/cockpit-project/cockpit/issues/21048
https://bodhi.fedoraproject.org/updates/FEDORA-2024-5f97e1176b
Steps to reproduce
- Install clevis-21-1.el10.x86_64
- Configure clevis to use tang pin and execute dracut
- Reboot machine
Expected results
Clevis should boot automatically
Actual results
Machine gets blocked with message: "Detected empty PKCS#11 device, redetect (Y/N)?:"
- clones
-
RHEL-61184 [RHEL9]: clevis: v21 breaks tang functionality at boot time
- Release Pending
- links to
-
RHBA-2024:139485 clevis bug fix and enhancement update