[问题简述] 使用anolis-8.6-x86_64-minimal.iso该iso在物理机上装机,内核选用默认的anck: 4.19.91-26_rc3.an8.x86_64, 语言选择中文,iso系统装机成功后,reboot进入系统,检查dmesg -信息(dmesg -l err -T)显示integrity: Unable to open file: /etc/keys/x509_ima.der (-2) iso: anolis-8.6-x86_64-minimal.iso dmesg命令:dmesg -l err -T [期望结果] dmesg无异常信息 [实际结果] [root@localhost mnt]# dmesg -l err -T [Mon May 23 13:11:29 2022] integrity: Unable to open file: /etc/keys/x509_ima.der (-2) [Mon May 23 13:11:29 2022] integrity: Unable to open file: /etc/keys/x509_evm.der (-2) [Mon May 23 13:11:37 2022] acpi_cpufreq: acpi_cpufreq: failed to register hotplug callbacks [Mon May 23 13:11:37 2022] ipmi_si dmi-ipmi-si.0: IRQ index 0 not found [环境详情] [root@localhost mnt]# uname -r 4.19.91-26_rc3.an8.x86_64 [root@localhost mnt]# cd [root@localhost ~]# ll total 2310148 -rw-------. 1 root root 1161 May 23 11:11 anaconda-ks.cfg -rw-r--r-- 1 root root 2365587456 May 23 13:25 anolis-8.6-x86_64-minimal.iso [root@localhost ~]# uname -r 4.19.91-26_rc3.an8.x86_64 [root@localhost ~]# cat /etc/os-release NAME="Anolis OS" VERSION="8.6" ID="anolis" ID_LIKE="rhel fedora centos" VERSION_ID="8.6" PLATFORM_ID="platform:an8" PRETTY_NAME="Anolis OS 8.6" ANSI_COLOR="0;31" HOME_URL="https://openanolis.cn/" [root@localhost ~]# cat /proc/cmdline BOOT_IMAGE=(hd3,gpt2)/vmlinuz-4.19.91-26_rc3.an8.x86_64 root=/dev/mapper/ao00-root ro crashkernel=auto resume=/dev/mapper/ao00-swap rd.lvm.lv=ao00/root rd.lvm.lv=ao00/swap crashkernel=0M-2G:0M,2G-8G:192M,8G-:256M [root@localhost ~]# lscpu Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian CPU(s): 16 On-line CPU(s) list: 0-15 Thread(s) per core: 1 Core(s) per socket: 8 Socket(s): 2 NUMA node(s): 2 Vendor ID: CentaurHauls BIOS Vendor ID: Zhaoxin CPU family: 7 Model: 59 Model name: ZHAOXIN KaiSheng KH-37800D@2.7GHz BIOS Model name: ZHAOXIN KaiSheng KH-37800D@2.7GHz Stepping: 14 CPU MHz: 2700.000 CPU max MHz: 2700.0000 CPU min MHz: 1200.0000 BogoMIPS: 5389.19 Virtualization: VT-x L1d cache: 32K L1i cache: 32K L2 cache: 4096K NUMA node0 CPU(s): 0-7 NUMA node1 CPU(s): 8-15 Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good nopl xtopology nonstop_tsc cpuid pni pclmulqdq monitor vmx smx est tm2 ssse3 cx16 xtpr pcid sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand rng rng_en sm3 sm4 sm3_en sm4_en ace ace_en ace2 phe phe_en pmm pmm_en parallax rng2 rng2_en phe2 phe2_en rsa rsa_en lahf_lm abm 3dnowprefetch invpcid_single ibrs ibpb tpr_shadow vnmi ept vpid fsgsbase tsc_adjust bmi1 smep bmi2 invpcid rdseed adx sha_ni xsaveopt split_lock_detect dtherm ida umip arch_capabilities [root@localhost ~]# arch x86_64 [复现步骤] 使用anolis-8.6-x86_64-minimal.iso装机 reboot anolis-8.6-x86_64-minimal.iso
anolis7.9类似的有: https://bugzilla.openanolis.cn/show_bug.cgi?id=150
飞腾 的arm机型上有同样问题. 包括虚拟qcow2镜像中也有.
该问题已经有案例 https://help.aliyun.com/document_detail/184050.html 这并不是内核错误,Alibaba Cloud Linux 2内核开启了CONFIG_IMA_LOAD_X509和CONFIG_EVM_LOAD_X509特性,并且指定了以下配置: CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der" CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der" 这些配置为可信内核完整性子系统提供了所需的证书路径。如果不是可信系统, 这两个文件不会进行配置,也就会出现问题描述中打开文件失败的信息。
不需要修复. bug关闭.