From 2e1b9171bf20a0d544fa09d0fa5f1024379c211b Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Fri, 23 Sep 2011 14:12:06 +0200
Subject: [PATCH] 02fips-aesni: add fips with aesni-intel

add this dracut module, if you want to start in FIPS mode with the aesni-intel kernel module
---
 dracut.spec | 15 +++++++++++++
 modules.d/02fips-aesni/module-setup.sh | 30 ++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100755 modules.d/02fips-aesni/module-setup.sh

diff --git a/dracut.spec b/dracut.spec
index 79db7dd8..8fd5048f 100644
--- a/dracut.spec
+++ b/dracut.spec
@@ -132,6 +132,15 @@ This package requires everything which is needed to build an
 all purpose initramfs with dracut, which does an integrity check.
 %endif
 
+%package fips-aesni
+Summary: Dracut modules to build a dracut initramfs with an integrity check with aesni-intel
+Requires: %{name}-fips = %{version}-%{release}
+
+%description fips-aesni
+This package requires everything which is needed to build an
+all purpose initramfs with dracut, which does an integrity check
+and adds the aesni-intel kernel module.
+
 %package caps
 Summary: Dracut modules to build a dracut initramfs which drops capabilities
 Requires: %{name} = %{version}-%{release}
@@ -173,6 +182,7 @@ echo %{name}-%{version}-%{release} > $RPM_BUILD_ROOT/%{_datadir}/dracut/modules.
 
 %if 0%{?fedora} == 0 && 0%{?rhel} == 0
 rm -fr $RPM_BUILD_ROOT/%{_datadir}/dracut/modules.d/01fips
+rm -fr $RPM_BUILD_ROOT/%{_datadir}/dracut/modules.d/02fips-aesni
 %endif
 
 # remove gentoo specific modules
@@ -282,6 +292,11 @@ rm -rf $RPM_BUILD_ROOT
 %config(noreplace) /etc/dracut.conf.d/40-fips.conf
 %endif
 
+%files fips-aesni
+%defattr(-,root,root,0755)
+%doc COPYING
+%{_datadir}/dracut/modules.d/02fips-aesni
+
 %files caps
 %defattr(-,root,root,0755)
 %{_datadir}/dracut/modules.d/02caps
diff --git a/modules.d/02fips-aesni/module-setup.sh b/modules.d/02fips-aesni/module-setup.sh
new file mode 100755
index 00000000..f8fb705b
--- /dev/null
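Review bot: The new `%package fips-aesni` block in the first hunk and the `%files fips-aesni` section in the third hunk are both added after an `%endif`, so they appear to sit outside the distribution conditional that guards the fips subpackage (the opening `%if` is outside the hunks). The second hunk removes `modules.d/02fips-aesni` when `0%{?fedora} == 0 && 0%{?rhel} == 0`, so on such a build `%files fips-aesni` would list a directory that no longer exists, and the subpackage would require a `%{name}-fips` that is presumably not built. Moving both additions above their respective `%endif` would keep them under the same condition as the fips package.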
+++ b/modules.d/02fips-aesni/module-setup.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
+# ex: ts=8 sw=4 sts=4 et filetype=sh
+
+check() {
+ return 255
+}
+
+depends() {
+ return 0
+}
+
+installkernel() {
+ local _fipsmodules _mod
+ _fipsmodules="aesni-intel"
+
+ mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
+
+ for _mod in $_fipsmodules; do
+ if instmods $_mod; then
+ echo $_mod >> "${initdir}/etc/fipsmodules"
+ echo "blacklist $_mod" >> "${initdir}/etc/modprobe.d/fips.conf"
+ fi
+ done
+}
+
+install() {
+ return 0
+}
+
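Review bot: `depends()` returns 0 without naming a module, so 02fips-aesni can be added to an initramfs on its own, although the spec change makes its package require `%{name}-fips`. `installkernel()` then still appends `aesni-intel` to `/etc/fipsmodules` and blacklists it in `/etc/modprobe.d/fips.conf`, and nothing in this file loads it again; presumably the fips module's scripts read that list, which is not visible here. Declaring the dependency with `echo fips` before the `return 0` in `depends()` would keep the two together. I would also quote the expansions, `instmods "$_mod"` and `echo "$_mod"`, and add a comment above the loop saying why the module is blacklisted.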