[SOLVED] Kernel upgrade trouble.
[SOLVED] Kernel upgrade trouble.
CentOS 6.8
On second computer after 'yum update -y' (new kernel kernel-2.6.32-642.13.1.el6.x86_64 was installed during upgrade) on boot kernel fails to load all modules from initramfs with message like:
FATAL: Error inserting <module name> (<module path>): Key was rejected by service.
I tried to boot previous versions of kernel but they also fail with the same errors.
Fresh installation of CentOS 6.8 and upgrade do not reproduce the problem.
'Secure boot' is not enabled (first computer has no UEFI bios).
AFAIK this messages correspond to module signing. What could enabled it?
TIA
On second computer after 'yum update -y' (new kernel kernel-2.6.32-642.13.1.el6.x86_64 was installed during upgrade) on boot kernel fails to load all modules from initramfs with message like:
FATAL: Error inserting <module name> (<module path>): Key was rejected by service.
I tried to boot previous versions of kernel but they also fail with the same errors.
Fresh installation of CentOS 6.8 and upgrade do not reproduce the problem.
'Secure boot' is not enabled (first computer has no UEFI bios).
AFAIK this messages correspond to module signing. What could enabled it?
TIA
Last edited by kd2017 on 2017/01/18 11:46:19, edited 1 time in total.
Re: Kernel upgrade trouble.
As far as I know, module signing is only used on systems using secure boot.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Kernel upgrade trouble.
I've just checked once more.
In BIOS:
Secure boot state - disabled
Platform Keys (PK) - unloaded
OS Type - Other OS
First lines of kernel output right after grub messages:
Module signature verification failed
Error inserting dm_mod (/lib/modules/2.6.32-642.13.1.el6.x86_64/kernel/drivers/md/dm-mod.ko): Key was rejected by service
Module signature verification failed
Module signature verification failed
Module signature verification failed
In BIOS:
Secure boot state - disabled
Platform Keys (PK) - unloaded
OS Type - Other OS
First lines of kernel output right after grub messages:
Module signature verification failed
Error inserting dm_mod (/lib/modules/2.6.32-642.13.1.el6.x86_64/kernel/drivers/md/dm-mod.ko): Key was rejected by service
Module signature verification failed
Module signature verification failed
Module signature verification failed
Re: Kernel upgrade trouble.
Next episode:
I've just cloned one of my virtual machines, updated it and caught the same problem.
Coping /boot/initramfs-2.6.32-642.13.1.el6.x86_64.img from freshly installed and updated system revived boot failure.
Hope any one can explain it...
I've just cloned one of my virtual machines, updated it and caught the same problem.
Coping /boot/initramfs-2.6.32-642.13.1.el6.x86_64.img from freshly installed and updated system revived boot failure.
Hope any one can explain it...
Re: Kernel upgrade trouble.
So it would appear to be a problem with the initramfs. Are you out of space on /boot perhaps?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Kernel upgrade trouble.
Yes, it's really problem with initramfs. No, all systems have a lot of space in /boot (checked).
I've found that the only affecting difference between working and failed initramfs is _striping_: dracut -f --nostrip produces working initramfs.
I've added do_strip=no to the end of /etc/dracut.conf, removed new kernel and run 'yum update kernel' again.
Now system boots correctly.
I've found that the only affecting difference between working and failed initramfs is _striping_: dracut -f --nostrip produces working initramfs.
I've added do_strip=no to the end of /etc/dracut.conf, removed new kernel and run 'yum update kernel' again.
Code: Select all
# Sample dracut config file
# Specific list of dracut modules to use
#dracutmodules+=""
# Dracut modules to omit
#omit_dracutmodules+=""
# Dracut modules to add to the default
#add_dracutmodules+=""
# additional kernel modules to the default
#add_drivers+=""
# list of kernel filesystem modules to be included in the generic initramfs
#filesystems+=""
# build initrd only to boot current hardware
#hostonly="yes"
#
# install local /etc/mdadm.conf
mdadmconf="yes"
# install local /etc/lvm/lvm.conf
lvmconf="yes"
#
do_strip=no
Re: [SOLVED] Kernel upgrade trouble.
Important addition
All affected machines had the 'binutils' port updated to 2.27 version (backported from Fedora by request from development). CentOS binutils 2.20 works without any problem.
All affected machines had the 'binutils' port updated to 2.27 version (backported from Fedora by request from development). CentOS binutils 2.20 works without any problem.
Re: [SOLVED] Kernel upgrade trouble.
Which would be one of the reasons why we always tell people who ask "is it safe to run Fedora packages on CentOS" that, no, it isn't.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke