Is the machine accessible from the network? Sorry, it wasn't clear from before that this wasn't a bfu (where you might see this bug).
if it's not, I'll let you know what information we need to further debug this. Valerie On Mon, 23 Nov 2009, James Litchfield wrote: > This was a full install. There were no > changes to kcf.conf. > > ----------Original Message---------- > > From: Valerie Bubb Fenwick <Valerie.Fenwick at Sun.COM> > Sent: Mon, November 23, 2009 9:47 AM > To: James Litchfield <James.Litchfield at Sun.COM> > Cc: security-discuss at opensolaris.org > Subject: Re: b128 startup errors > > > Hi Jim - > > Did you see Tony's response to your earlier request? You may > have hit a flag day (which, unfortunately, aren't showing > up on either the internal or external websites right now). > > Did you enable fips? ie, what is the content (other than > comments) of your /etc/crypto/kcf.conf ? (I know you say > no customizations, but there was an earlier bug where > a few people enabled FIPS mode to get around this). > > The most important error in there is that kcfd isn't starting > (which we've seen recently is due to this configuration variable > moving). kcfd does the scheduling, so nothing will really work > without it. :( > > Valerie > > On Mon, 23 Nov 2009, James Litchfield wrote: > >> Any ideas as to what's going on here? >> >> Jim >> ---- >> Tecra M5 (TCM enabled in BIOS) >> Full install. No /etc/crypto/kcf.conf customizations. >> >> Nov 22 20:31:26 jlaptop kcf: [ID 949968 kern.warning] WARNING: Module >> verification door upcall failed for /kernel/crypto/amd64/arcfour. errno = 4 >> Nov 22 20:31:27 jlaptop genunix: [ID 454863 kern.info] dump on >> /dev/zvol/dsk/rpool/dump size 1024 MB >> Nov 22 20:31:27 jlaptop svc.startd[7]: [ID 652011 daemon.warning] >> svc:/system/cryptosvc:default: Method "/sbin/cryptoadm start" failed with >> exit status 2. >> Nov 22 20:31:27 jlaptop kcf: [ID 949968 kern.warning] WARNING: Module >> verification door upcall failed for /kernel/crypto/amd64/aes. errno = 4 >> Nov 22 20:31:28 jlaptop svc.startd[7]: [ID 652011 daemon.warning] >> svc:/system/cryptosvc:default: Method "/sbin/cryptoadm start" failed with >> exit status 2. >> .... >> Nov 22 20:32:33 jlaptop fmd[1417]: [ID 428998 user.error] libpkcs11: >> door_call of door_file /etc/svc/volatile/kcfd_door failed with error Bad file >> number. >> >> >> _______________________________________________ >> security-discuss mailing list >> security-discuss at opensolaris.org >> > > Valerie -- Valerie Fenwick, http://blogs.sun.com/bubbva/ @bubbva Solaris Security Technologies, Developer, Sun Microsystems, Inc. 17 Network Circle, Menlo Park, CA, 94025.
