All Products
Search
Document Center

Alibaba Cloud Linux:What do I do if the "integrity: Unable to open file" error messages appear in the kernel logs of an ECS instance that runs Alibaba Cloud Linux 2?

Last Updated:Apr 01, 2026

These messages are harmless. The Alibaba Cloud Linux 2 kernel has the CONFIG_IMA_LOAD_X509 and CONFIG_EVM_LOAD_X509 features enabled, which cause the Integrity Measurement Architecture (IMA) and Extended Verification Module (EVM) subsystems to look for X.509 certificate files at startup. On instances that are not trusted systems, those files are absent, so the kernel logs the error and continues. No functionality is affected.

Affected versions

  • ECS image: aliyun_2_1903_x64_20G_alibase_20200529.vhd and later

  • Kernel: kernel-4.19.91-19.1.al7 and later (run uname -r to check your kernel version)

Error details

When you run dmesg, you may see:

[    2.960294] integrity: Unable to open file: /etc/keys/x509_ima.der (-2)
[    2.960295] integrity: Unable to open file: /etc/keys/x509_evm.der (-2)

The kernel integrity subsystem is configured to load X.509 certificates from these paths:

CONFIG_IMA_X509_PATH="/etc/keys/x509_ima.der"
CONFIG_EVM_X509_PATH="/etc/keys/x509_evm.der"

On non-trusted systems, those certificate files are absent. The issue is only related to configurations and does not affect the operating system.

Solution

No action is required. You can ignore the error messages.

To determine whether your instance is a trusted system, run:

ll /dev/tpm*
OutputMeaning
/dev/tpm0 or /dev/tpmrm0 is listedThe instance is a trusted system. Certificate files are present and no errors appear at boot.
Neither device is listedThe instance is not a trusted system. The error messages appear at boot but do not affect the operating system.