fips: add "rd.fips.skipkernel" boot option

author Harald Hoyer <harald@redhat.com>

Wed, 6 Apr 2011 09:32:24 +0000 (11:32 +0200)

committer Harald Hoyer <harald@redhat.com>

Fri, 8 Apr 2011 08:27:32 +0000 (10:27 +0200)
author Harald Hoyer <harald@redhat.com>
Wed, 6 Apr 2011 09:32:24 +0000 (11:32 +0200)
committer Harald Hoyer <harald@redhat.com>
Fri, 8 Apr 2011 08:27:32 +0000 (10:27 +0200)
diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh

index 857c355..f9bdfdf 100755 (executable)
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -1,9 +1,9 @@
  #!/bin/sh
  # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
  # ex: ts=8 sw=4 sts=4 et filetype=sh
-do_fips()
+
+do_fipskernel()
  {
-    FIPSMODULES=$(cat /etc/fipsmodules)
      boot=$(getarg boot=)
      KERNEL=$(uname -r)
      case "$boot" in
@@ -48,7 +48,15 @@ do_fips()
  
      info "Umounting /boot"
      umount /boot
+}
  
+do_fips()
+{
+    FIPSMODULES=$(cat /etc/fipsmodules)
+
+    if ! getarg rd.fips.skipkernel >/dev/null; then
+       do_fipskernel
+    fi
      info "Loading and integrity checking all crypto modules"
      for module in $FIPSMODULES; do
          if [ "$module" != "tcrypt" ]; then
author	Harald Hoyer <harald@redhat.com>
	Wed, 6 Apr 2011 09:32:24 +0000 (11:32 +0200)
committer	Harald Hoyer <harald@redhat.com>
	Fri, 8 Apr 2011 08:27:32 +0000 (10:27 +0200)