Overview

File 0053-01fips-fixup-loading-issues.patch of Package dracut.608

From c0fd9c31e9044b99edb850c4af229887b616e828 Mon Sep 17 00:00:00 2001
From: Hannes Reinecke <hare@suse.de>
Date: Mon, 2 Jun 2014 15:02:04 +0200
Subject: [PATCH] 01fips: fixup loading issues

Adjust the FIPS module list to avoid loading issues

References: bnc#875855

Signed-off-by: Marcus Meissner <meissner@suse.de>
---
 modules.d/01fips/fips.sh         | 12 ++++++++++++
 modules.d/01fips/module-setup.sh | 12 +++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
index 7fa48f1..07bd1da 100755
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -100,6 +100,18 @@ do_fips()
                     _found=1
                     break
                 done </proc/crypto
+                # If we find some hardware specific modules and cannot load them
+                # it is not a problem, proceed.
+                if [ "$_found" = "0" ]; then
+                    if [    "$_module" != "${_module%-intel}"   \
+                        -o  "$_module" != "${_module%-ssse3}"   \
+                        -o  "$_module" != "${_module%-x86_64}"  \
+                        -o  "$_module" != "${_module%z90}"      \
+                    ]; then
+                        _found=1
+                    fi
+                fi
+
                 [ "$_found" = "0" ] && return 1
             fi
         fi
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index a4081dc..aa56fcf 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -18,8 +18,12 @@ installkernel() {
     _fipsmodules="aead aes_generic aes-x86_64 ansi_cprng arc4 blowfish camellia cast6 cbc ccm "
     _fipsmodules+="chainiv crc32c crct10dif_generic cryptomgr crypto_null ctr cts deflate des des3_ede dm-crypt dm-mod "
     _fipsmodules+="ecb eseqiv fcrypt gcm ghash_generic hmac khazad lzo md4 md5 michael_mic rmd128 "
-    _fipsmodules+="rmd160 rmd256 rmd320 rot13 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic "
-    _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib"
+    _fipsmodules+="rmd160 rmd256 rmd320 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic "
+    _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib "
+    _fipsmodules+="sha512-ssse3 sha1-ssse3 sha256-ssse3 "
+    _fipsmodules+="ghash-clmulni-intel "
+
+    # once it is in the kernel: _fipsmodules+="drbg "
 
     mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
 
@@ -44,7 +48,9 @@ install() {
         libsoftokn3.chk libfreebl3.so libfreebl3.chk \
         libssl.so 'hmaccalc/sha512hmac.hmac' libssl.so.10
 
-    inst_multiple -o prelink
+    # we do not use prelink at SUSE
+    #inst_multiple -o prelink
+
     inst_simple /etc/system-fips
 }
 
-- 
1.8.4.5
openSUSE Build Service is sponsored by
Places