base/SOURCES/0558-fips-ensure-fs-module-for-boot-is-installed.patch

From c6ccef8827af134884c5b2c785e07eb0b144450b Mon Sep 17 00:00:00 2001
From: Kairui Song <kasong@redhat.com>
Date: Thu, 14 Mar 2019 18:54:10 +0800
Subject: [PATCH] fips: ensure fs module for /boot is installed

When using dracut with  --hostonly and --no-hostonly-default-device,
/boot will be inaccessible as dracut will most fs modules unless
specified. But FIPS require /boot to be accessible, and it will try
to mount it on boot. It will fail if corresponding fs module is missing.

For most case /boot will be a simple partition, include the fs module
will be enough for FIPS to mount it. For other cases users have to pass
extra parameters by themselves.

Suggested-by: Kenneth Dsouza <kdsouza@redhat.com>
Signed-off-by: Kairui Song <kasong@redhat.com>

Cherry-picked from: 8365177644bee107dcb66a71c8a7509900c9ece4
Resolves: #1672817
---
 modules.d/01fips/module-setup.sh | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 242d4dd9..834e7d7d 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -11,7 +11,7 @@ depends() {
 }
 
 installkernel() {
-    local _fipsmodules _mod i
+    local _fipsmodules _mod i _bootfstype
 
     if [[ -f "${srcmods}/modules.fips" ]]; then
         _fipsmodules="$(cat "${srcmods}/modules.fips")"
@@ -36,6 +36,16 @@ installkernel() {
             done
         fi
     done
+
+    # with hostonly_default_device fs module for /boot is not installed by default
+    if [[ $hostonly ]] && [[ "$hostonly_default_device" == "no" ]]; then
+        _bootfstype=$(find_mp_fstype /boot)
+        if [[ -n "$_bootfstype" ]]; then
+            hostonly='' instmods $_bootfstype
+        else
+            dwarning "Can't determine fs type for /boot, FIPS check may fail."
+        fi
+    fi
 }
 
 install() {