02fips-aesni: add fips with aesni-intel
Add this dracut module if you want to start in FIPS mode with the aesni-intel kernel module.
parent
ef6900eb79
commit
2e1b9171bf
15
dracut.spec
15
dracut.spec
|
@ -132,6 +132,15 @@ This package requires everything which is needed to build an
|
|||
all purpose initramfs with dracut, which does an integrity check.
|
||||
%endif
|
||||
|
||||
%package fips-aesni
|
||||
Summary: Dracut modules to build a dracut initramfs with an integrity check with aesni-intel
|
||||
Requires: %{name}-fips = %{version}-%{release}
|
||||
|
||||
%description fips-aesni
|
||||
This package requires everything which is needed to build an
|
||||
all purpose initramfs with dracut, which does an integrity check
|
||||
and adds the aesni-intel kernel module.
|
||||
|
||||
%package caps
|
||||
Summary: Dracut modules to build a dracut initramfs which drops capabilities
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
|
@ -173,6 +182,7 @@ echo %{name}-%{version}-%{release} > $RPM_BUILD_ROOT/%{_datadir}/dracut/modules.
|
|||
|
||||
%if 0%{?fedora} == 0 && 0%{?rhel} == 0
|
||||
rm -fr $RPM_BUILD_ROOT/%{_datadir}/dracut/modules.d/01fips
|
||||
rm -fr $RPM_BUILD_ROOT/%{_datadir}/dracut/modules.d/02fips-aesni
|
||||
%endif
|
||||
|
||||
# remove gentoo specific modules
|
||||
|
@ -282,6 +292,11 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%config(noreplace) /etc/dracut.conf.d/40-fips.conf
|
||||
%endif
|
||||
|
||||
%files fips-aesni
|
||||
%defattr(-,root,root,0755)
|
||||
%doc COPYING
|
||||
%{_datadir}/dracut/modules.d/02fips-aesni
|
||||
|
||||
%files caps
|
||||
%defattr(-,root,root,0755)
|
||||
%{_datadir}/dracut/modules.d/02caps
|
||||
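Review bot: `%package fips-aesni` and `%files fips-aesni` are both placed after the `%endif` that closes the preceding fips stanzas, so they appear to be unconditional, while the install step removes `modules.d/02fips-aesni` whenever the build is neither Fedora nor RHEL. On such a build the `%files fips-aesni` list would name a directory that was just deleted, and `Requires: %{name}-fips` would point at a subpackage that is presumably not built there either. Moving both new stanzas inside the same conditional as the fips subpackage, i.e. before the respective `%endif`, would keep the three places consistent. The opening `%if` lines are outside the hunks, so the exact condition should be confirmed before moving them.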
|
|
|
@ -0,0 +1,30 @@
|
|||
#!/bin/bash
|
||||
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
|
||||
# ex: ts=8 sw=4 sts=4 et filetype=sh
|
||||
|
||||
check() {
|
||||
return 255
|
||||
}
|
||||
|
||||
depends() {
|
||||
return 0
|
||||
}
|
||||
|
||||
installkernel() {
|
||||
local _fipsmodules _mod
|
||||
_fipsmodules="aesni-intel"
|
||||
|
||||
mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
|
||||
|
||||
for _mod in $_fipsmodules; do
|
||||
if instmods $_mod; then
|
||||
echo $_mod >> "${initdir}/etc/fipsmodules"
|
||||
echo "blacklist $_mod" >> "${initdir}/etc/modprobe.d/fips.conf"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
install() {
|
||||
return 0
|
||||
}
|
||||
|
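Review bot: `depends()` returns 0 without naming any module, so nothing at the dracut level pulls in the base FIPS module when this one is requested on its own; the RPM `Requires:` only guarantees that the files are installed. `installkernel()` appends `aesni-intel` to `${initdir}/etc/fipsmodules` and blacklists it in `modprobe.d/fips.conf`, which presumably relies on the base module's script to load and check the listed modules. Without that script the initramfs would carry a blacklisted aesni-intel and no integrity check. Suggest adding `echo fips` before `return 0` in `depends()`. The expansions in the loop should also be quoted: `instmods "$_mod"` and `echo "$_mod" >> "${initdir}/etc/fipsmodules"`.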