File 0053-01fips-fixup-loading-issues.patch of Package dracut.10716

From a15945f1cd7cac0ad472807ca7979726dd34288b Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.de>
Date: Mon, 2 Jun 2014 15:02:04 +0200
Subject: [PATCH] 01fips: fixup loading issues

Adjust the FIPS module list to avoid loading issues

References: bnc#875855

Signed-off-by: Marcus Meissner <meissner@suse.de>
---
 modules.d/01fips/fips.sh         | 12 ++++++++++++
 modules.d/01fips/module-setup.sh |  6 +++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
index 6acdf62..835f520 100755
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -98,6 +98,18 @@ do_fips()
                     _found=1
                     break
                 done </proc/crypto
+                # If we find some hardware specific modules and cannot load them
+                # it is not a problem, proceed.
+                if [ "$_found" = "0" ]; then
+                    if [    "$_module" != "${_module%-intel}"   \
+                        -o  "$_module" != "${_module%-ssse3}"   \
+                        -o  "$_module" != "${_module%-x86_64}"  \
+                        -o  "$_module" != "${_module%z90}"      \
+                    ]; then
+                        _found=1
+                    fi
+                fi
+
                 [ "$_found" = "0" ] && return 1
             fi
         fi
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 7278347..18c8377 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -19,6 +19,8 @@ installkernel() {
     _fipsmodules+="rmd160 rmd256 rmd320 rot13 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic "
     _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib"
     _fipsmodules+="aes_s390 des_s390 prng sha256_s390 sha_common des_check_key ghash_s390 sha1_s390 sha512_s390"
+    _fipsmodules+="sha512-ssse3 sha1-ssse3 sha256-ssse3 "
+    _fipsmodules+="ghash-clmulni-intel "
 
     mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
 
@@ -44,7 +46,9 @@ install() {
         libssl.so 'hmaccalc/sha512hmac.hmac' libssl.so.10 \
         libfreeblpriv3.so libfreeblpriv3.chk
 
-    inst_multiple -o prelink
+    # we do not use prelink at SUSE
+    #inst_multiple -o prelink
+
     inst_simple /etc/system-fips
 }
 
-- 
2.6.6

openSUSE Build Service is sponsored by