3659d64df3
fips: add libfreeblpriv3.so and libfreeblpriv3.chk
10 years ago
967cc19ab1
remove all vim and emacs code format comments
11 years ago
928da57447
fips: fix RHEV vmlinuz check
11 years ago
185e940e27
fips: also install /etc/system-fips in the initramfs
11 years ago
0a8e91bb24
fips: include crct10dif_generic
...
Resolves: rhbz#1024455
11 years ago
4d7c18c7c0
Handle crypto modules with and without modaliases
...
If new kernels have modules split out, handle the case, where modules
have to modalias and just install them.
Also add the crypto drivers and names to host_modalias.
11 years ago
8bcfd683bd
*/module-setup.sh: add comments for dracut called functions
12 years ago
af11946054
dracut-functions.sh: inst_multiple == dracut_install
12 years ago
190047f161
fips: handle checksum checks for RHEV kernels
...
https://bugzilla.redhat.com/show_bug.cgi?id=947729
12 years ago
748867d177
fips: cope with module aliases, when checking modules
...
Also do not fail, if module aliases try to load CPU specific modules
like crc32c_intel.
12 years ago
1e057b352a
add PARTLABEL and PARTUUID
12 years ago
32bd2fbb4c
use "rm --" to guard against filenames beginning with "-"
12 years ago
15b93069bb
01fips/module-setup.sh: add libssl.so.10 to make kdump work with fips mode
...
FIPS can work well in 1st kernel, but failed in kdump kernel. the
libssl.so.10 and related hmac file are needed. Now add it and it
works.
Signed-off-by: Baoquan He <bhe@redhat.com>
12 years ago
26a077fc7e
fips: do not fail immediatly after loading the crypto modules
...
Fail only if tcrypt insmod failed.
12 years ago
6f4c2dada4
fixed fips mode
...
- preserve timestamps
- copy /lib*/hmaccalc files
- run sha512hmac after kernel module loading
- add more fips kernel modules
12 years ago
1161f03777
fips: add lzo module
12 years ago
0fc0dcff60
bye bye iscsi_wait_scan ... officially gone for kernel 3.6
13 years ago
104727ad6e
Require fipscheck and libssl in FIPS module
...
To properly perform verification in FIPS mode,
we need to install fipscheck and libssl explicitly.
(cryptsetup seems to be the first user of this verification in ramdisk...)
Signed-off-by: Milan Broz <mbroz@redhat.com>
13 years ago
c9a9968dfc
fips: set /boot as symlink to /sysroot/boot if no boot= parameter
...
otherwise sha512hmac will error out with:
sha512hmac -c /sysroot/boot/.vmlinuz-2.6.32-220.el6.x86_64.hmac
Error opening "/boot/vmlinuz-2.6.32-220.el6.x86_64": No such file or directory.
13 years ago
4ee59ab3ed
Fix fips module list.
...
If dracut is build only with fips/fips-aesni (no crypto module),
FIPS mode fails because of missing GCM modules.
Just add proper modules to list (kernel have both maker as FIPS compliant already).
Signed-off-by: Milan Broz <mbroz@redhat.com>
13 years ago
338b43cd6a
fips: add instmods silent check mode "-c -s"
13 years ago
0251fcd400
fips: change module list
13 years ago
0d339e7ffb
fips/module-setup.sh: s/aes-xts/xts
13 years ago
53fe81e752
modules.d/*/module-setup.sh: combine and specify type for installs
...
To speedup image creation, combine dracut_install calls and specify the exact type.
E.g. inst_script instead of the generic inst.
13 years ago
d77540c8e4
get rid of libdir and usrlibdir
13 years ago
51153fb18c
removed scsi_wait_scan from standard install
13 years ago
c9143a63fe
Debian multiarch support
...
Another solution could be searching in directories found at
/etc/ld.so.conf.d/*.conf or adding a new parameter. Here is a patch
which adds a new --libdirs parameter, and also a new inst_libdir_file
function which will try to expand metacharacters on each lib
directory:
inst_libdir_file "libdevmapper-event-lvm*.so"
13 years ago
078acb598b
fips: fixed aes_generic module typo
13 years ago
814fa9a58f
01fips/installkernel: add dm-mod and dm-crypt to the fipsmodules
...
https://bugzilla.redhat.com/show_bug.cgi?id=707609
14 years ago
29b10e65b1
dracut-functions: make local vars local and prefix with "_"
14 years ago
3b403b32fc
removed trailing whitespaces
14 years ago
4257798f8a
fips: forward port RHEL-6 fips changes
...
- also support FIPS on separate LVM partition
- use small settle loop to get /boot
- "set -e" has no effect, if we use "||"
- make fips work with encrypted root and seperate boot
- moved to pre-pivot to support /boot in /
14 years ago
d125a47061
mkdir always with -m 0755
14 years ago
02c1bd6bb6
fips: add "rd.fips.skipkernel" boot option
14 years ago
01583ae4ad
fips: fixed "boot=<dev>" handling
14 years ago
10b5dca0f7
fips/fips.sh: do not load tcrypt with "noexit" parameter
...
"noexit=1" is the default mode for the tcrypt module now.
[forward ported 7e7308158c9149c33309c0d36a6e1126e690fb58]
14 years ago
b60d5e90a5
fips/fips.sh: die(), if boot=<device> is not present or has wrong format
14 years ago
674bdee804
fips/fips.sh: only trigger udev, if device node of boot is not present
14 years ago
71df3c4329
renamed module-info.sh to module-setup.sh
14 years ago
e6752f1a6c
fips: add aes-xts module
14 years ago
95d2dabc25
replaced check,install,installkernel with module-info.sh
14 years ago
e2d86d001a
fips: s/==/=
14 years ago
cc02093d69
reformat source code
...
removed tabs and set indention to 4 spaces
added emacs and vi format headers
15 years ago
55309e7800
use $libdir and $usrlibdir instead of individual detect with ldd
15 years ago
719cc30626
fips: udev trigger with action=add
15 years ago
59a083d8d1
fips: fixes copy&paste error for "check"
15 years ago
4819ae98ac
fix lib64 check
...
on ppc we can have libc in /lib64/power6/
15 years ago
506c7f2ab0
install umount for the modules, which use it
15 years ago
8e93970944
fips: do not activate fips module by default
15 years ago
b65f499f60
fips: more shebang
15 years ago
Harald Hoyer