a66b474ff5
- disabled systemd in the initramfs, until it works correctly
43 lines
1.6 KiB
Diff
43 lines
1.6 KiB
Diff
From 4ee59ab3ed59475923a1fed0a8a52f5a03799c93 Mon Sep 17 00:00:00 2001
|
|
From: Milan Broz <mbroz@redhat.com>
|
|
Date: Mon, 16 Jul 2012 16:28:47 +0200
|
|
Subject: [PATCH] Fix fips module list.
|
|
|
|
If dracut is build only with fips/fips-aesni (no crypto module),
|
|
FIPS mode fails because of missing GCM modules.
|
|
|
|
Just add proper modules to list (kernel have both maker as FIPS compliant already).
|
|
|
|
Signed-off-by: Milan Broz <mbroz@redhat.com>
|
|
---
|
|
modules.d/01fips/module-setup.sh | 2 +-
|
|
modules.d/02fips-aesni/module-setup.sh | 2 +-
|
|
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
|
|
index 2d238fb..2517964 100755
|
|
--- a/modules.d/01fips/module-setup.sh
|
|
+++ b/modules.d/01fips/module-setup.sh
|
|
@@ -12,7 +12,7 @@ depends() {
|
|
|
|
installkernel() {
|
|
local _fipsmodules _mod
|
|
- _fipsmodules="aead aes_generic xts aes-x86_64 ansi_cprng cbc ccm chainiv ctr"
|
|
+ _fipsmodules="aead aes_generic xts aes-x86_64 ansi_cprng cbc ccm chainiv ctr gcm ghash_generic"
|
|
_fipsmodules+=" des deflate ecb eseqiv hmac seqiv sha256 sha256_generic sha512 sha512_generic"
|
|
_fipsmodules+=" cryptomgr crypto_null tcrypt dm-mod dm-crypt"
|
|
|
|
diff --git a/modules.d/02fips-aesni/module-setup.sh b/modules.d/02fips-aesni/module-setup.sh
|
|
index f8fb705..fb4010d 100755
|
|
--- a/modules.d/02fips-aesni/module-setup.sh
|
|
+++ b/modules.d/02fips-aesni/module-setup.sh
|
|
@@ -12,7 +12,7 @@ depends() {
|
|
|
|
installkernel() {
|
|
local _fipsmodules _mod
|
|
- _fipsmodules="aesni-intel"
|
|
+ _fipsmodules="aesni-intel ghash_clmulni_intel"
|
|
|
|
mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
|
|
|