projects / platform / upstream / dracut.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ef6900e)
02fips-aesni: add fips with aesni-intel
authorHarald Hoyer <harald@redhat.com>
Fri, 23 Sep 2011 12:12:06 +0000 (14:12 +0200)
committerHarald Hoyer <harald@redhat.com>
Tue, 15 Nov 2011 08:47:26 +0000 (09:47 +0100)
add this dracut module, if you want to start in FIPS mode with
the aesni-intel kernel module

dracut.spec patch | blob | history
modules.d/02fips-aesni/module-setup.sh [new file with mode: 0755] patch | blob

diff --git a/dracut.spec b/dracut.spec
index 79db7dd..8fd5048 100644 (file)
--- a/dracut.spec
+++ b/dracut.spec
@@ -132,6 +132,15 @@ This package requires everything which is needed to build an
 all purpose initramfs with dracut, which does an integrity check.
 %endif
 
+%package fips-aesni
+Summary: Dracut modules to build a dracut initramfs with an integrity check with aesni-intel
+Requires: %{name}-fips = %{version}-%{release}
+
+%description fips-aesni
+This package requires everything which is needed to build an
+all purpose initramfs with dracut, which does an integrity check 
+and adds the aesni-intel kernel module.
+
 %package caps
 Summary: Dracut modules to build a dracut initramfs which drops capabilities
 Requires: %{name} = %{version}-%{release}
@@ -173,6 +182,7 @@ echo %{name}-%{version}-%{release} > $RPM_BUILD_ROOT/%{_datadir}/dracut/modules.
 
 %if 0%{?fedora} == 0 && 0%{?rhel} == 0
 rm -fr $RPM_BUILD_ROOT/%{_datadir}/dracut/modules.d/01fips
+rm -fr $RPM_BUILD_ROOT/%{_datadir}/dracut/modules.d/02fips-aesni
 %endif
 
 # remove gentoo specific modules
@@ -282,6 +292,11 @@ rm -rf $RPM_BUILD_ROOT
 %config(noreplace) /etc/dracut.conf.d/40-fips.conf
 %endif
 
+%files fips-aesni
+%defattr(-,root,root,0755)
+%doc COPYING
+%{_datadir}/dracut/modules.d/02fips-aesni
+
 %files caps
 %defattr(-,root,root,0755)
 %{_datadir}/dracut/modules.d/02caps
diff --git a/modules.d/02fips-aesni/module-setup.sh b/modules.d/02fips-aesni/module-setup.sh
new file mode 100755 (executable)
index 0000000..f8fb705
--- /dev/null
+++ b/modules.d/02fips-aesni/module-setup.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+check() {
+    return 255
+}
+
+depends() {
+    return 0
+}
+
+installkernel() {
+    local _fipsmodules _mod
+    _fipsmodules="aesni-intel"
+
+    mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
+
+    for _mod in $_fipsmodules; do
+        if instmods $_mod; then
+            echo $_mod >> "${initdir}/etc/fipsmodules"
+            echo "blacklist $_mod" >> "${initdir}/etc/modprobe.d/fips.conf"
+        fi
+    done
+}
+
+install() {
+    return 0
+}
+
Domain: System / Base;