[Bug 1893985] [NEW] Latest Azure optimised fips-updates kernel 4.15.0-2007-azure-fips leaves instance in unbootable state

Wed, 02 Sep 2020 11:56:11 -0700 

Public bug reported:

In Azure, updating an instance to the latest Azure optimised fips-
updates kernel (4.15.0-2007-azure-fips) leaves the system in an
unbootable state.

The serial console shows the following and reboots:

Checking kernel image: /boot/vmlinuz-4.15.0-2007-azure-fips
Kernel integrity check failed
Rebooting automatically due to panic= boot argument

This is with the instance type Standard D2s v3

Steps to reproduce (with the UA client in Ubuntu Pro):

-Launch an Ubuntu Pro 18.04 instance on AWS on a Standard D2s v3
instance

sudo add-apt-repository ppa:canonical-server/ua-client-daily --yes
sudo apt install ubuntu-advantage-tools ubuntu-advantage-pro --yes
sudo ua disable livepatch
sudo ua enable fips-updates --beta
sudo apt install linux-azure-fips

KERNEL=$(awk -F"'" '/menuentry.*azure-fips/ { print $(NF-1); exit }'
/boot/grub/grub.cfg)

sudo tee /etc/default/grub.d/99-fips.cfg << __EOF__
GRUB_DEFAULT="Advanced options for Ubuntu>$KERNEL"
GRUB_CMDLINE_LINUX_DEFAULT="\$GRUB_CMDLINE_LINUX_DEFAULT fips=1" 
__EOF__

sudo update-grub
sudo reboot

-Look at serial console in Azure Portal

Attaching screenshot of error before kernel panic and auto reboot.

Here is the list of packages installed with the action:

base-files amd64 10.1ubuntu2.9
libpam0g amd64 1.1.8-3.6ubuntu2.18.04.2
libpam-modules-bin amd64 1.1.8-3.6ubuntu2.18.04.2
libpam-modules amd64 1.1.8-3.6ubuntu2.18.04.2
libnss-systemd amd64 237-3ubuntu10.42
libsystemd0 amd64 237-3ubuntu10.42
libpam-systemd amd64 237-3ubuntu10.42
systemd amd64 237-3ubuntu10.42
udev amd64 237-3ubuntu10.42
libudev1 amd64 237-3ubuntu10.42
kmod amd64 24-1ubuntu3.5
libkmod2 amd64 24-1ubuntu3.5
libpam-runtime all 1.1.8-3.6ubuntu2.18.04.2
systemd-sysv amd64 237-3ubuntu10.42
python-samba amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.18
samba-common-bin amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.18
samba-common all 2:4.7.6+dfsg~ubuntu-0ubuntu2.18
samba-libs amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.18
libwbclient0 amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.18
iproute2 amd64 4.15.0-2ubuntu1.2
libisc-export169 amd64 1:9.11.3+dfsg-1ubuntu1.13
libdns-export1100 amd64 1:9.11.3+dfsg-1ubuntu1.13
libirs160 amd64 1:9.11.3+dfsg-1ubuntu1.13
bind9-host amd64 1:9.11.3+dfsg-1ubuntu1.13
dnsutils amd64 1:9.11.3+dfsg-1ubuntu1.13
libbind9-160 amd64 1:9.11.3+dfsg-1ubuntu1.13
libisccfg160 amd64 1:9.11.3+dfsg-1ubuntu1.13
libisccc160 amd64 1:9.11.3+dfsg-1ubuntu1.13
libdns1100 amd64 1:9.11.3+dfsg-1ubuntu1.13
libisc169 amd64 1:9.11.3+dfsg-1ubuntu1.13
liblwres160 amd64 1:9.11.3+dfsg-1ubuntu1.13
libpcap0.8 amd64 1.8.1-6ubuntu1.18.04.2
libx11-data all 2:1.6.4-3ubuntu0.3
libx11-6 amd64 2:1.6.4-3ubuntu0.3
grub-efi-amd64 amd64 2.02-2ubuntu8.18
grub2-common amd64 2.02-2ubuntu8.18
shim-signed amd64 1.37~18.04.6+15+1533136590.3beb971-0ubuntu1
grub-efi-amd64-signed amd64 1.93.20+2.02-2ubuntu8.18
grub-efi-amd64-bin amd64 2.02-2ubuntu8.18
grub-pc-bin amd64 2.02-2ubuntu8.18
grub-common amd64 2.02-2ubuntu8.18
libgssapi-krb5-2 amd64 1.16-2ubuntu0.1+esm1
python3-problem-report all 2.20.9-0ubuntu7.17
python3-apport all 2.20.9-0ubuntu7.17
apport all 2.20.9-0ubuntu7.17
bcache-tools amd64 1.0.8-2ubuntu0.18.04.1
curl amd64 7.58.0-2ubuntu3.10
libcurl4 amd64 7.58.0-2ubuntu3.10
libcurl3-gnutls amd64 7.58.0-2ubuntu3.10
linux-modules-5.4.0-1023-azure amd64 5.4.0-1023.23~18.04.1
linux-image-5.4.0-1023-azure amd64 5.4.0-1023.23~18.04.1
libkrb5-3 amd64 1.16-2ubuntu0.1+esm1
libkrb5support0 amd64 1.16-2ubuntu0.1+esm1
libk5crypto3 amd64 1.16-2ubuntu0.1+esm1
krb5-locales all 1.16-2ubuntu0.1+esm1
linux-modules-4.15.0-2007-azure-fips amd64 4.15.0-2007.8
linux-modules-extra-5.4.0-1023-azure amd64 5.4.0-1023.23~18.04.1
linux-azure amd64 5.4.0.1023.7
linux-image-azure amd64 5.4.0.1023.7
linux-azure-5.4-headers-5.4.0-1023 all 5.4.0-1023.23~18.04.1
linux-image-4.15.0-2007-azure-fips amd64 4.15.0-2007.8
linux-headers-5.4.0-1023-azure amd64 5.4.0-1023.23~18.04.1
linux-headers-azure amd64 5.4.0.1023.7
linux-tools-common all 4.15.0-115.116
linux-azure-5.4-tools-5.4.0-1023 amd64 5.4.0-1023.23~18.04.1
linux-azure-fips amd64 4.15.0.2007.7
linux-image-azure-fips amd64 4.15.0.2007.7
linux-azure-fips-headers-4.15.0-2007 all 4.15.0-2007.8
linux-tools-5.4.0-1023-azure amd64 5.4.0-1023.23~18.04.1
linux-tools-azure amd64 5.4.0.1023.7
linux-cloud-tools-common all 4.15.0-115.116
linux-azure-5.4-cloud-tools-5.4.0-1023 amd64 5.4.0-1023.23~18.04.1
linux-cloud-tools-5.4.0-1023-azure amd64 5.4.0-1023.23~18.04.1
linux-cloud-tools-azure amd64 5.4.0.1023.7
software-properties-common all 0.96.24.32.14
python3-software-properties all 0.96.24.32.14
linux-headers-4.15.0-2007-azure-fips amd64 4.15.0-2007.8
linux-headers-azure-fips amd64 4.15.0.2007.7
linux-azure-fips-tools-4.15.0-2007 amd64 4.15.0-2007.8
linux-tools-4.15.0-2007-azure-fips amd64 4.15.0-2007.8
linux-tools-azure-fips amd64 4.15.0.2007.7
linux-azure-fips-cloud-tools-4.15.0-2007 amd64 4.15.0-2007.8
linux-cloud-tools-4.15.0-2007-azure-fips amd64 4.15.0-2007.8
linux-cloud-tools-azure-fips amd64 4.15.0.2007.7
linux-image-unsigned-hmac-4.15.0-2007-azure-fips amd64 4.15.0-2007.8

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1893985

Title:
  Latest Azure optimised fips-updates kernel 4.15.0-2007-azure-fips
  leaves instance in unbootable state

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1893985/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to