kernel
/
dracut
mirror of https://git.kernel.org/pub/scm/boot/dracut/dracut.git/
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fips: set /boot as symlink to /sysroot/boot if no boot= parameter 

otherwise sha512hmac will error out with:

sha512hmac -c /sysroot/boot/.vmlinuz-2.6.32-220.el6.x86_64.hmac
Error opening "/boot/vmlinuz-2.6.32-220.el6.x86_64": No such file or directory.
master
Harald Hoyer 2012-08-21 15:01:08 +02:00
parent 48dba7f9ac
commit c9a9968dfc
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
modules.d/01fips/fips.sh
View File

@ -45,23 +45,23 @@ mount_boot()
mkdir /boot
info "Mounting $boot as /boot"
mount -oro "$boot" /boot || return 1
elif [ -d "$NEWROOT/boot" ]; then
rm -fr /boot
ln -sf "$NEWROOT/boot" /boot
fi
}

do_fips()
{
info "Checking integrity of kernel"
newroot=$NEWROOT
KERNEL=$(uname -r)

[ -e "$newroot/boot/.vmlinuz-${KERNEL}.hmac" ] || unset newroot

if ! [ -e "$newroot/boot/.vmlinuz-${KERNEL}.hmac" ]; then
warn "$newroot/boot/.vmlinuz-${KERNEL}.hmac does not exist"
if ! [ -e "/boot/.vmlinuz-${KERNEL}.hmac" ]; then
warn "/boot/.vmlinuz-${KERNEL}.hmac does not exist"
return 1
fi

sha512hmac -c "$newroot/boot/.vmlinuz-${KERNEL}.hmac" || return 1
sha512hmac -c "/boot/.vmlinuz-${KERNEL}.hmac" || return 1

FIPSMODULES=$(cat /etc/fipsmodules)