Be weary of the latest kernel update as it has a conflict with the kernel option “ fips=1 ”.
The kernel 4.18.0-240.22.1 specifically is the kernel that has a conflict with fips=1 being set.
With kernel-4.18.0-240.22.1 , If you alter the kernel parameter at the GRUB menu from fips=1 to fips=0 and boot, the machine will boot.
If you boot off of the older kernel-4.18.0-240 with fips=1 set there still is no problem booting and logging into the gui.
thanks @warron.french. have you seen this 0000062: Cannot boot with fips-mode enabled with kernel kernel-4.18.0-240.22.1.el8_3.x86_64 - AlmaLinux Bug Tracker?
Not sure if that was you that reported it on the bug tracker or not but it seems like vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac file wasn’t created correctly during the kernel build and that we’ve already corrected that in the build system.
No sir, that was not me. I actually found information on the Red Hat Access Portal that touched on the exact same error, but for a RHEL7 kernel-3.10.0.
To be honest, I did not know about the AlmaLinux BugTracker. Now I am aware of it, but how would I access that generally speaking because I do not remember seeing a link or mention of it.
@jack do I need to: 1) download a new ISO and then rebuild from the newer ISO, or can I 2)rebuild with AlmaLinux 8.3 with my already downloaded ISO from two weeks ago machine and upgrade successfully to kernel-4.18.0-240.22.1?
I tried a rebuild last night with the two-week-old ISO and upgraded again. I just rebooted, finally, and the machine still has the FATAL: FIPS integrity test failed.
I tried to do what this Red Hat Access article (https://access.redhat.com/solutions/3552141) suggested, changing for kernel versions, but it did not work.
I also found this article (https://www.suse.com/support/kb/doc/?id=000018548) for the same problem with openSUSE, it also did not work.
Then I read the bug tracker page (https://bugs.almalinux.org/view.php?id=62), which in conjunction with the Red Hat Access Portal link mentioned above and finishing with this syntax from the Bug Tracker I was able to get my machine to boot without issue (permanently).
This was the command I used to polish off the solution:
sha512hmac /boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 > /boot/.vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac
Total solution is:
Red Hat Source (https://access.redhat.com/solutions/3552141)
# rpm2cpio /mnt/Packages/kernel-4.18.0-240.22.1.el8_3.x86_64.rpm | cpio -iv --to-stdout ./boot/.vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac > /boot/.vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac
# rpm2cpio /mnt/Packages/kernel-4.18.0-240.22.1.el8_3.x86_64.rpm | cpio -iv --to-stdout ./boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 > /boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64
Then execute from AlmaLinux Bug Tracker (https://bugs.almalinux.org/view.php?id=62)
sha512hmac /boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 > /boot/.vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac