bb76751d8a
- Rediff patches to match git repository
- 95fcoe: Check for FCoE devices prior to binaries
* Modify 0055-95fcoe-Only-install-fcoe-module-if-required.patch
- 99base: Install chown instead of chgrp
* Modify 0052-99base-Add-chown-binary.patch
- 95iscsi: do not try to detect iSCSI firmware during booting;
should be handled via commandline parameter
* Modify 0030-95iscsi-Autodetect-iSCSI-firmware.patch
- Rename patch:
* old: 0051-mkinitrd-suse-add-update-booloader-message.patch
new: 0051-mkinitrd-suse-add-update-bootloader-message.patch
OBS-URL: https://build.opensuse.org/request/show/236229
OBS-URL: https://build.opensuse.org/package/show/Base:System/dracut?expand=0&rev=157
72 lines
2.8 KiB
Diff
72 lines
2.8 KiB
Diff
From c0fd9c31e9044b99edb850c4af229887b616e828 Mon Sep 17 00:00:00 2001
|
|
From: Hannes Reinecke <hare@suse.de>
|
|
Date: Mon, 2 Jun 2014 15:02:04 +0200
|
|
Subject: [PATCH] 01fips: fixup loading issues
|
|
|
|
Adjust the FIPS module list to avoid loading issues
|
|
|
|
References: bnc#875855
|
|
|
|
Signed-off-by: Marcus Meissner <meissner@suse.de>
|
|
---
|
|
modules.d/01fips/fips.sh | 12 ++++++++++++
|
|
modules.d/01fips/module-setup.sh | 12 +++++++++---
|
|
2 files changed, 21 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
|
|
index 7fa48f1..07bd1da 100755
|
|
--- a/modules.d/01fips/fips.sh
|
|
+++ b/modules.d/01fips/fips.sh
|
|
@@ -100,6 +100,18 @@ do_fips()
|
|
_found=1
|
|
break
|
|
done </proc/crypto
|
|
+ # If we find some hardware specific modules and cannot load them
|
|
+ # it is not a problem, proceed.
|
|
+ if [ "$_found" = "0" ]; then
|
|
+ if [ "$_module" != "${_module%-intel}" \
|
|
+ -o "$_module" != "${_module%-ssse3}" \
|
|
+ -o "$_module" != "${_module%-x86_64}" \
|
|
+ -o "$_module" != "${_module%z90}" \
|
|
+ ]; then
|
|
+ _found=1
|
|
+ fi
|
|
+ fi
|
|
+
|
|
[ "$_found" = "0" ] && return 1
|
|
fi
|
|
fi
|
|
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
|
|
index a4081dc..aa56fcf 100755
|
|
--- a/modules.d/01fips/module-setup.sh
|
|
+++ b/modules.d/01fips/module-setup.sh
|
|
@@ -18,8 +18,12 @@ installkernel() {
|
|
_fipsmodules="aead aes_generic aes-x86_64 ansi_cprng arc4 blowfish camellia cast6 cbc ccm "
|
|
_fipsmodules+="chainiv crc32c crct10dif_generic cryptomgr crypto_null ctr cts deflate des des3_ede dm-crypt dm-mod "
|
|
_fipsmodules+="ecb eseqiv fcrypt gcm ghash_generic hmac khazad lzo md4 md5 michael_mic rmd128 "
|
|
- _fipsmodules+="rmd160 rmd256 rmd320 rot13 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic "
|
|
- _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib"
|
|
+ _fipsmodules+="rmd160 rmd256 rmd320 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic "
|
|
+ _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib "
|
|
+ _fipsmodules+="sha512-ssse3 sha1-ssse3 sha256-ssse3 "
|
|
+ _fipsmodules+="ghash-clmulni-intel "
|
|
+
|
|
+ # once it is in the kernel: _fipsmodules+="drbg "
|
|
|
|
mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
|
|
|
|
@@ -44,7 +48,9 @@ install() {
|
|
libsoftokn3.chk libfreebl3.so libfreebl3.chk \
|
|
libssl.so 'hmaccalc/sha512hmac.hmac' libssl.so.10
|
|
|
|
- inst_multiple -o prelink
|
|
+ # we do not use prelink at SUSE
|
|
+ #inst_multiple -o prelink
|
|
+
|
|
inst_simple /etc/system-fips
|
|
}
|
|
|
|
--
|
|
1.8.4.5
|
|
|