File 0567-Fix-booting-with-fips-1-on-SLES-12-SP4.patch of Package dracut.9506

From c3f2e356ca15c32123334764c014df264d72f149 Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <dmolkentin@suse.com>
Date: Wed, 25 Apr 2018 18:43:46 +0200
Subject: [PATCH] Fix booting with fips=1 on SLES 12 SP4

Also, add some documentation on how FIPS actually works.

Based on SLE15 patch.

Reference: bsc#1074984
---
 modules.d/01fips/module-setup.sh | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 709cfc85..178bae17 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -13,6 +13,12 @@ depends() {
 # called by dracut
 installkernel() {
     local _fipsmodules _mod
+    # The FIPS process requires that crypto primitives should perform a power-up self test. They must not be loaded and
+    # used prior to successful completion. FIPS140-2, section 4.9 mandates that during power-up, crypto algorithms should
+    # perform self tests, displaying an error if any one of them fails.
+
+    # dracut implements this by first compiling a blacklist (provided by the kernel in newer distros) and then
+    # load the modules in that list one by one in a controlled manner, aborting on failure.
     if [[ -f "${srcmods}/modules.fips" ]]; then
         _fipsmodules="$(cat "${srcmods}/modules.fips")"
     else
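Review bot: The second added comment paragraph (above the `modules.fips` test) calls the list a "blacklist (provided by the kernel in newer distros)", but the code directly below reads `${srcmods}/modules.fips` into `_fipsmodules`, so the comment never names the file or says that the hard-coded list in the `else` branch is the fallback. I would reword it along the lines of `# dracut implements this by taking the FIPS module list from ${srcmods}/modules.fips (or the built-in fallback below), blacklisting those modules,` followed by `# and then loading them one by one in a controlled manner, aborting on failure.`, which also fixes the "then load" grammar. The first paragraph could state what "displaying an error" means for the boot, since a reader auditing the fips=1 path needs to know whether a failed self test halts it; that behaviour is not visible in this hunk. The added lines run well past 100 columns and should be wrapped. installkernel() continues outside the hunk.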
@@ -28,6 +34,7 @@ installkernel() {
         _fipsmodules+="ablk_helper cryptd twofish_x86_64_3way lrw glue_helper twofish_x86_64 twofish_common blowfish_generic "
         _fipsmodules+="blowfish_x86_64 blowfish_common des_generic cbc "
         _fipsmodules+="algif_hash af_alg crypto_user "
+        _fipsmodules+="sha3_generic "
     fi
 
     mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
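Review bot: The new `_fipsmodules+="sha3_generic "` line carries no comment saying why it is needed, and it only takes effect in the fallback branch used when `${srcmods}/modules.fips` is absent. A short comment such as `# sha3_generic: needed for fips=1 boot on SLES 12 SP4 (bsc#1074984)` would let a later maintainer tell required entries from historical ones when syncing this hand-maintained list with the kernel's crypto modules. The code that consumes `_fipsmodules` lies outside the hunk, so it is worth confirming that it tolerates a name that is not built as a module on older kernels rather than aborting the self-test sequence. The diffstat reports 4 deletions that do not appear in the visible hunks, so this note covers the shown lines only.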
-- 
2.13.6
