dracut/0053-01fips-fixup-loading-issues.patch

Index: dracut-037/modules.d/01fips/module-setup.sh
===================================================================
--- dracut-037.orig/modules.d/01fips/module-setup.sh
+++ dracut-037/modules.d/01fips/module-setup.sh
@@ -18,8 +18,12 @@ installkernel() {
     _fipsmodules="aead aes_generic aes-x86_64 ansi_cprng arc4 blowfish camellia cast6 cbc ccm "
     _fipsmodules+="chainiv crc32c crct10dif_generic cryptomgr crypto_null ctr cts deflate des des3_ede dm-crypt dm-mod "
     _fipsmodules+="ecb eseqiv fcrypt gcm ghash_generic hmac khazad lzo md4 md5 michael_mic rmd128 "
-    _fipsmodules+="rmd160 rmd256 rmd320 rot13 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic "
-    _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib"
+    _fipsmodules+="rmd160 rmd256 rmd320 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic "
+    _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib "
+    _fipsmodules+="sha512-ssse3 sha1-ssse3 sha256-ssse3 "
+    _fipsmodules+="ghash-clmulni-intel "
+
+    # once it is in the kernel: _fipsmodules+="drbg "
 
     mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
 
@@ -44,7 +48,9 @@ install() {
         libsoftokn3.chk libfreebl3.so libfreebl3.chk \
         libssl.so 'hmaccalc/sha512hmac.hmac' libssl.so.10
 
-    inst_multiple -o prelink
+    # we do not use prelink at SUSE
+    #inst_multiple -o prelink
+
     inst_simple /etc/system-fips
 }
 
Index: dracut-037/modules.d/01fips/fips.sh
===================================================================
--- dracut-037.orig/modules.d/01fips/fips.sh
+++ dracut-037/modules.d/01fips/fips.sh
@@ -100,6 +100,18 @@ do_fips()
                     _found=1
                     break
                 done </proc/crypto
+                # If we find some hardware specific modules and cannot load them
+                # it is not a problem, proceed.
+                if [ "$_found" = "0" ]; then
+                    if [    "$_module" != "${_module%-intel}"   \
+                        -o  "$_module" != "${_module%-ssse3}"   \
+                        -o  "$_module" != "${_module%-x86_64}"  \
+                        -o  "$_module" != "${_module%z90}"      \
+                    ]; then
+                        _found=1
+                    fi
+                fi
+                
                 [ "$_found" = "0" ] && return 1
             fi
         fi
Accepting request 236026 from home:msmeissn:branches:Base:System - dracut-fips-module-loading-fixes.patch: bnc#875855 - adjust FIPS module list - on architecture specific modules, failing loading is not critical - ship 98selinux, for people that want to use SELinux. OBS-URL: https://build.opensuse.org/request/show/236026 OBS-URL: https://build.opensuse.org/package/show/Base:System/dracut?expand=0&rev=153 2014-06-02 11:47:31 +00:00			`Index: dracut-037/modules.d/01fips/module-setup.sh`
			`===================================================================`
			`--- dracut-037.orig/modules.d/01fips/module-setup.sh`
			`+++ dracut-037/modules.d/01fips/module-setup.sh`
			`@@ -18,8 +18,12 @@ installkernel() {`
			`_fipsmodules="aead aes_generic aes-x86_64 ansi_cprng arc4 blowfish camellia cast6 cbc ccm "`
			`_fipsmodules+="chainiv crc32c crct10dif_generic cryptomgr crypto_null ctr cts deflate des des3_ede dm-crypt dm-mod "`
			`_fipsmodules+="ecb eseqiv fcrypt gcm ghash_generic hmac khazad lzo md4 md5 michael_mic rmd128 "`
			`- _fipsmodules+="rmd160 rmd256 rmd320 rot13 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic "`
			`- _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib"`
			`+ _fipsmodules+="rmd160 rmd256 rmd320 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic "`
			`+ _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib "`
			`+ _fipsmodules+="sha512-ssse3 sha1-ssse3 sha256-ssse3 "`
			`+ _fipsmodules+="ghash-clmulni-intel "`
			`+`
			`+ # once it is in the kernel: _fipsmodules+="drbg "`

			`mkdir -m 0755 -p "${initdir}/etc/modprobe.d"`

			`@@ -44,7 +48,9 @@ install() {`
			`libsoftokn3.chk libfreebl3.so libfreebl3.chk \`
			`libssl.so 'hmaccalc/sha512hmac.hmac' libssl.so.10`

			`- inst_multiple -o prelink`
			`+ # we do not use prelink at SUSE`
			`+ #inst_multiple -o prelink`
			`+`
			`inst_simple /etc/system-fips`
			`}`

			`Index: dracut-037/modules.d/01fips/fips.sh`
			`===================================================================`
			`--- dracut-037.orig/modules.d/01fips/fips.sh`
			`+++ dracut-037/modules.d/01fips/fips.sh`
			`@@ -100,6 +100,18 @@ do_fips()`
			`_found=1`
			`break`
			`done </proc/crypto`
			`+ # If we find some hardware specific modules and cannot load them`
			`+ # it is not a problem, proceed.`
			`+ if [ "$_found" = "0" ]; then`
			`+ if [ "$_module" != "${_module%-intel}" \`
			`+ -o "$_module" != "${_module%-ssse3}" \`
			`+ -o "$_module" != "${_module%-x86_64}" \`
			`+ -o "$_module" != "${_module%z90}" \`
			`+ ]; then`
			`+ _found=1`
			`+ fi`
			`+ fi`
			`+`
			`[ "$_found" = "0" ] && return 1`
			`fi`
			`fi`