pool/dracut
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11268df032
dracut/0053-01fips-fixup-loading-issues.patch
Thomas Renninger 9f28177407 Accepting request 293267 from home:trenn:branches:Base:System 
- Update to dracut mainline version 041.
  Half of the patches got integrated mainline.
  Some others have been merged together when it made sense some have
  been left out, but are still in the repository as they need some special
  treating and mainline discussion whether/how they get added. These are
  also not urgently needed, but are debugging patches.
  I broke the rule here to mention every added/deleted/modified patch as
  every patch is touched and every 2nd  got removed (mainline integrated).
  I also re-ordered the patches in the PatchXY: area for easier merging them
  and get them discussed and posted mainline easier, topic by topic.

OBS-URL: https://build.opensuse.org/request/show/293267
OBS-URL: https://build.opensuse.org/package/show/Base:System/dracut?expand=0&rev=214
2015-03-31 14:12:12 +00:00

69 lines
3.0 KiB
Diff
Raw Blame History

From c0fd9c31e9044b99edb850c4af229887b616e828 Mon Sep 17 00:00:00 2001
From: Hannes Reinecke <hare@suse.de>
Date: Mon, 2 Jun 2014 15:02:04 +0200
Subject: [PATCH] 01fips: fixup loading issues
Adjust the FIPS module list to avoid loading issues
References: bnc#875855
Signed-off-by: Marcus Meissner <meissner@suse.de>
---
modules.d/01fips/fips.sh | 12 ++++++++++++
modules.d/01fips/module-setup.sh | 12 +++++++++---
2 files changed, 21 insertions(+), 3 deletions(-)
Index: dracut-041/modules.d/01fips/fips.sh
===================================================================
--- dracut-041.orig/modules.d/01fips/fips.sh 2015-01-31 12:54:52.000000000 +0100
+++ dracut-041/modules.d/01fips/fips.sh 2015-03-17 12:57:54.755887866 +0100
@@ -98,6 +98,18 @@
_found=1
break
done </proc/crypto
+ # If we find some hardware specific modules and cannot load them
+ # it is not a problem, proceed.
+ if [ "$_found" = "0" ]; then
+ if [ "$_module" != "${_module%-intel}" \
+ -o "$_module" != "${_module%-ssse3}" \
+ -o "$_module" != "${_module%-x86_64}" \
+ -o "$_module" != "${_module%z90}" \
+ ]; then
+ _found=1
+ fi
+ fi
+
[ "$_found" = "0" ] && return 1
fi
fi
Index: dracut-041/modules.d/01fips/module-setup.sh
===================================================================
--- dracut-041.orig/modules.d/01fips/module-setup.sh 2015-03-17 12:57:54.439870155 +0100
+++ dracut-041/modules.d/01fips/module-setup.sh 2015-03-17 12:57:54.755887866 +0100
@@ -16,8 +16,12 @@
_fipsmodules="aead aes_generic aes-x86_64 ansi_cprng arc4 blowfish camellia cast6 cbc ccm "
_fipsmodules+="chainiv crc32c crct10dif_generic cryptomgr crypto_null ctr cts deflate des des3_ede dm-crypt dm-mod drbg "
_fipsmodules+="ecb eseqiv fcrypt gcm ghash_generic hmac khazad lzo md4 md5 michael_mic rmd128 "
- _fipsmodules+="rmd160 rmd256 rmd320 rot13 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic "
- _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib"
+ _fipsmodules+="rmd160 rmd256 rmd320 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic "
+ _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib "
+ _fipsmodules+="sha512-ssse3 sha1-ssse3 sha256-ssse3 "
+ _fipsmodules+="ghash-clmulni-intel "
+
+ # once it is in the kernel: _fipsmodules+="drbg "
mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
@@ -43,7 +47,9 @@
libssl.so 'hmaccalc/sha512hmac.hmac' libssl.so.10 \
libfreeblpriv3.so libfreeblpriv3.chk
- inst_multiple -o prelink
+ # we do not use prelink at SUSE
+ #inst_multiple -o prelink
+
inst_simple /etc/system-fips
}
Reference in New Issue View Git Blame Copy Permalink