Check /proc/sys/crypto/fips_enabled to tell if FIPS has been enabled

Resolves: https://issues.redhat.com/browse/RHEL-75539
Conflict: None

Upstream Status: git@github.com:rhkdump/kdump-utils.git

Signed-off-by: Coiby Xu <coxu@redhat.com>

0004-Check-proc-sys-crypto-fips_enabled-to-tell-if-FIPS-h.patch

@@ -0,0 +1,36 @@
+From 722b45982e954d47e507d4aa33fbe8003da34d91 Mon Sep 17 00:00:00 2001
+From: Coiby Xu <coxu@redhat.com>
+Date: Mon, 17 Feb 2025 11:02:05 +0800
+Subject: [PATCH] Check /proc/sys/crypto/fips_enabled to tell if FIPS has been
+ enabled
+
+Resolves: https://issues.redhat.com/browse/RHEL-75539
+
+A proposal [1] has been submitted to remove fips-mode-setup from Fedora
+42. And we are suggested to tell if FIPS has been enabled by check if
+/proc/sys/crypto/fips_enabled has 1.
+
+[1] https://fedoraproject.org/wiki/Changes/RemoveFipsModeSetup#Feedback
+[2] https://developers.redhat.com/articles/2024/02/27/handling-fips-mode-upstream-projects-rhel#
+
+Signed-off-by: Coiby Xu <coxu@redhat.com>
+---
+ mkdumprd | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mkdumprd b/mkdumprd
+index c51d28f4..047a32ea 100644
+--- a/mkdumprd
++++ b/mkdumprd
+@@ -424,7 +424,7 @@ if ! is_fadump_capable; then
+ 
+ 	dracut_args+=(--no-hostonly-default-device)
+ 
+-	if fips-mode-setup --is-enabled 2> /dev/null; then
++	if [[ $(cat /proc/sys/crypto/fips_enabled) == 1  ]]; then
+ 		dracut_args+=(--add-device "$(findmnt -n -o SOURCE --target /boot)")
+ 	fi
+ fi
+-- 
+2.48.1
+

kdump-utils.spec

@@ -11,6 +11,7 @@ Source0: https://github.com/rhkdump/kdump-utils/archive/v%{version}/%{name}-%{ve
 Patch01: 0001-powerpc-fix-early-exit-from-udev-on-hotplug-event-fo.patch
 Patch02: 0002-99-kdump.conf-Omit-nouveau-and-amdgpu-module.patch
 Patch03: 0003-99-kdump.conf-Omit-hwdb-dracut-module.patch
+Patch04: 0004-Check-proc-sys-crypto-fips_enabled-to-tell-if-FIPS-h.patch
 
 %ifarch ppc64 ppc64le
 Requires(post): servicelog