Kernel-4.18.0-240.22.1 with fips=1 will not boot

Be weary of the latest kernel update as it has a conflict with the kernel option “ fips=1 ”.
The kernel 4.18.0-240.22.1 specifically is the kernel that has a conflict with fips=1 being set.

With kernel-4.18.0-240.22.1 , If you alter the kernel parameter at the GRUB menu from fips=1 to fips=0 and boot, the machine will boot.

If you boot off of the older kernel-4.18.0-240 with fips=1 set there still is no problem booting and logging into the gui.

thanks @warron.french. have you seen this 0000062: Cannot boot with fips-mode enabled with kernel kernel-4.18.0-240.22.1.el8_3.x86_64 - AlmaLinux Bug Tracker?

Not sure if that was you that reported it on the bug tracker or not but it seems like vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac file wasn’t created correctly during the kernel build and that we’ve already corrected that in the build system.

No sir, that was not me. I actually found information on the Red Hat Access Portal that touched on the exact same error, but for a RHEL7 kernel-3.10.0.

To be honest, I did not know about the AlmaLinux BugTracker. Now I am aware of it, but how would I access that generally speaking because I do not remember seeing a link or mention of it.

@jack do I need to: 1) download a new ISO and then rebuild from the newer ISO, or can I 2)rebuild with AlmaLinux 8.3 with my already downloaded ISO from two weeks ago machine and upgrade successfully to kernel-4.18.0-240.22.1?

I tried a rebuild last night with the two-week-old ISO and upgraded again. I just rebooted, finally, and the machine still has the FATAL: FIPS integrity test failed.

I tried to do what this Red Hat Access article ( suggested, changing for kernel versions, but it did not work.

I also found this article ( for the same problem with openSUSE, it also did not work.

Then I read the bug tracker page (, which in conjunction with the Red Hat Access Portal link mentioned above and finishing with this syntax from the Bug Tracker I was able to get my machine to boot without issue (permanently).

This was the command I used to polish off the solution:
sha512hmac /boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 > /boot/.vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac

Total solution is:
Red Hat Source (

# rpm2cpio /mnt/Packages/kernel-4.18.0-240.22.1.el8_3.x86_64.rpm | cpio -iv --to-stdout ./boot/.vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac > /boot/.vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac

# rpm2cpio /mnt/Packages/kernel-4.18.0-240.22.1.el8_3.x86_64.rpm | cpio -iv --to-stdout ./boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 > /boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64

Then execute from AlmaLinux Bug Tracker (

sha512hmac /boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 > /boot/.vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac