From 722b45982e954d47e507d4aa33fbe8003da34d91 Mon Sep 17 00:00:00 2001
From: Coiby Xu <coxu@redhat.com>
Date: Mon, 17 Feb 2025 11:02:05 +0800
Subject: [PATCH] Check /proc/sys/crypto/fips_enabled to tell if FIPS has been
 enabled

Resolves: https://issues.redhat.com/browse/RHEL-75539

A proposal [1] has been submitted to remove fips-mode-setup from Fedora
42. And we are suggested to tell if FIPS has been enabled by check if
/proc/sys/crypto/fips_enabled has 1.

[1] https://fedoraproject.org/wiki/Changes/RemoveFipsModeSetup#Feedback
[2] https://developers.redhat.com/articles/2024/02/27/handling-fips-mode-upstream-projects-rhel#

Signed-off-by: Coiby Xu <coxu@redhat.com>
---
 mkdumprd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mkdumprd b/mkdumprd
index c51d28f4..047a32ea 100644
--- a/mkdumprd
+++ b/mkdumprd
@@ -424,7 +424,7 @@ if ! is_fadump_capable; then
 
 	dracut_args+=(--no-hostonly-default-device)
 
-	if fips-mode-setup --is-enabled 2> /dev/null; then
+	if [[ $(cat /proc/sys/crypto/fips_enabled) == 1  ]]; then
 		dracut_args+=(--add-device "$(findmnt -n -o SOURCE --target /boot)")
 	fi
 fi
-- 
2.48.1