Harald Hoyer
190047f161
fips: handle checksum checks for RHEV kernels
...
https://bugzilla.redhat.com/show_bug.cgi?id=947729
2013-07-31 11:31:13 +02:00
Harald Hoyer
748867d177
fips: cope with module aliases, when checking modules
...
Also do not fail, if module aliases try to load CPU specific modules
like crc32c_intel.
2013-07-31 11:26:46 +02:00
Harald Hoyer
1e057b352a
add PARTLABEL and PARTUUID
2013-07-05 15:32:38 +02:00
Harald Hoyer
32bd2fbb4c
use "rm --" to guard against filenames beginning with "-"
2013-06-28 10:31:18 +02:00
Baoquan He
15b93069bb
01fips/module-setup.sh: add libssl.so.10 to make kdump work with fips mode
...
FIPS can work well in 1st kernel, but failed in kdump kernel. The
libssl.so.10 and related hmac file are needed. Now add it and it
works.
Signed-off-by: Baoquan He <bhe@redhat.com>
2013-05-28 14:26:31 +02:00
Harald Hoyer
26a077fc7e
fips: do not fail immediately after loading the crypto modules
...
Fail only if tcrypt insmod failed.
2013-04-29 11:34:26 +02:00
Harald Hoyer
6f4c2dada4
fixed fips mode
...
- preserve timestamps
- copy /lib*/hmaccalc files
- run sha512hmac after kernel module loading
- add more fips kernel modules
2013-04-25 19:44:01 +02:00
Harald Hoyer
1161f03777
fips: add lzo module
2013-03-08 07:05:55 +01:00
Harald Hoyer
0fc0dcff60
bye bye iscsi_wait_scan ... officially gone for kernel 3.6
2012-09-18 13:39:54 +02:00
Milan Broz
104727ad6e
Require fipscheck and libssl in FIPS module
...
To properly perform verification in FIPS mode,
we need to install fipscheck and libssl explicitly.
(cryptsetup seems to be the first user of this verification in ramdisk...)
Signed-off-by: Milan Broz <mbroz@redhat.com>
2012-08-24 09:26:59 +02:00
Harald Hoyer
c9a9968dfc
fips: set /boot as symlink to /sysroot/boot if no boot= parameter
...
otherwise sha512hmac will error out with:
sha512hmac -c /sysroot/boot/.vmlinuz-2.6.32-220.el6.x86_64.hmac
Error opening "/boot/vmlinuz-2.6.32-220.el6.x86_64": No such file or directory.
2012-08-21 18:46:20 +02:00
Milan Broz
4ee59ab3ed
Fix fips module list.
...
If dracut is built only with fips/fips-aesni (no crypto module),
FIPS mode fails because of missing GCM modules.
Just add proper modules to list (kernel has both marked as FIPS compliant already).
Signed-off-by: Milan Broz <mbroz@redhat.com>
2012-07-16 16:58:51 +02:00
Harald Hoyer
338b43cd6a
fips: add instmods silent check mode "-c -s"
2012-07-05 11:15:42 +02:00
Harald Hoyer
0251fcd400
fips: change module list
2012-07-05 10:11:27 +02:00
Harald Hoyer
0d339e7ffb
fips/module-setup.sh: s/aes-xts/xts
2012-06-29 12:41:27 +02:00
Harald Hoyer
53fe81e752
modules.d/*/module-setup.sh: combine and specify type for installs
...
To speedup image creation, combine dracut_install calls and specify the exact type.
E.g. inst_script instead of the generic inst.
2012-06-29 12:41:27 +02:00
Harald Hoyer
d77540c8e4
get rid of libdir and usrlibdir
2012-06-04 15:23:15 +02:00
Harald Hoyer
51153fb18c
removed scsi_wait_scan from standard install
2012-05-31 09:14:17 +02:00
Jon Ander Hernandez
c9143a63fe
Debian multiarch support
...
Another solution could be searching in directories found at
/etc/ld.so.conf.d/*.conf or adding a new parameter. Here is a patch
which adds a new --libdirs parameter, and also a new inst_libdir_file
function which will try to expand metacharacters on each lib
directory:
inst_libdir_file "libdevmapper-event-lvm*.so"
2012-04-16 14:46:53 +02:00
Harald Hoyer
078acb598b
fips: fixed aes_generic module typo
2012-04-02 09:01:49 +02:00
Harald Hoyer
814fa9a58f
01fips/installkernel: add dm-mod and dm-crypt to the fipsmodules
...
https://bugzilla.redhat.com/show_bug.cgi?id=707609
2011-08-11 14:27:25 +02:00
Harald Hoyer
29b10e65b1
dracut-functions: make local vars local and prefix with "_"
2011-05-12 11:06:47 +02:00
Harald Hoyer
3b403b32fc
removed trailing whitespaces
2011-05-10 11:56:09 +02:00
Harald Hoyer
4257798f8a
fips: forward port RHEL-6 fips changes
...
- also support FIPS on separate LVM partition
- use small settle loop to get /boot
- "set -e" has no effect, if we use "||"
- make fips work with encrypted root and separate boot
- moved to pre-pivot to support /boot in /
2011-05-02 11:15:46 +02:00
Harald Hoyer
d125a47061
mkdir always with -m 0755
2011-04-08 10:39:46 +02:00
Harald Hoyer
02c1bd6bb6
fips: add "rd.fips.skipkernel" boot option
2011-04-08 10:27:32 +02:00
Harald Hoyer
01583ae4ad
fips: fixed "boot=<dev>" handling
2011-03-30 14:57:01 +02:00
Harald Hoyer
10b5dca0f7
fips/fips.sh: do not load tcrypt with "noexit" parameter
...
"noexit=1" is the default mode for the tcrypt module now.
[forward ported 7e7308158c9149c33309c0d36a6e1126e690fb58]
2011-03-07 13:37:20 +01:00
Harald Hoyer
b60d5e90a5
fips/fips.sh: die(), if boot=<device> is not present or has wrong format
2011-03-07 13:37:19 +01:00
Harald Hoyer
674bdee804
fips/fips.sh: only trigger udev, if device node of boot is not present
2011-03-07 13:37:19 +01:00
Harald Hoyer
71df3c4329
renamed module-info.sh to module-setup.sh
2011-02-02 16:35:18 +01:00
Harald Hoyer
e6752f1a6c
fips: add aes-xts module
2011-02-02 14:48:37 +01:00
Harald Hoyer
95d2dabc25
replaced check,install,installkernel with module-info.sh
2011-02-02 13:56:03 +01:00
Harald Hoyer
e2d86d001a
fips: s/==/=
2011-01-03 09:48:37 +01:00
Harald Hoyer
cc02093d69
reformat source code
...
removed tabs and set indentation to 4 spaces
added emacs and vi format headers
2010-09-10 15:34:36 +02:00
Amadeusz Żołnowski
55309e7800
use $libdir and $usrlibdir instead of individual detect with ldd
2010-08-23 11:55:11 +02:00
Harald Hoyer
719cc30626
fips: udev trigger with action=add
2010-08-05 08:47:17 +02:00
Harald Hoyer
59a083d8d1
fips: fixes copy&paste error for "check"
2010-06-18 12:52:52 +02:00
Harald Hoyer
4819ae98ac
fix lib64 check
...
on ppc we can have libc in /lib64/power6/
2010-02-17 17:02:04 +01:00
Luca Berra
506c7f2ab0
install umount for the modules, which use it
2010-01-13 15:57:32 +01:00
Harald Hoyer
8e93970944
fips: do not activate fips module by default
2009-11-27 14:55:02 +01:00
Harald Hoyer
b65f499f60
fips: more shebang
2009-11-27 14:32:28 +01:00
Harald Hoyer
c2bcc5be2f
fips: add shebang to fips.sh
2009-11-27 14:31:05 +01:00
Harald Hoyer
557ea7a8da
fips: search different lib paths
2009-11-23 12:28:57 +01:00
Harald Hoyer
03d8ec2601
add module fips
2009-11-12 14:59:28 +01:00