From 9b051369fc89206721fb53045ed06f6c2b483b43 Mon Sep 17 00:00:00 2001 From: Coiby Xu Date: Thu, 10 Aug 2023 14:17:11 +0800 Subject: [PATCH] mkdumprd: call dracut with --add-device to install the drivers needed by /boot partition automatically for FIPS Resolves: bz2185794 Upstream: Fedora Conflicts: small change commit 443a43e0750d14c8e3290ecf76535d1746bfac6a Author: Coiby Xu Date: Wed May 24 12:01:45 2023 +0800 mkdumprd: call dracut with --add-device to install the drivers needed by /boot partition automatically for FIPS Currently, kdump doesn't work on many FIPS-enabled systems including Azure, ESXI, Hyper, POWER and etc. When FIPS is enabled, it needs to access /boot//.vmlinuz-xxx.hmac to verify the integrity of the kernel. However, on those systems, /boot fails to be mounted due to a lack of fs and block device drivers and the system just halted after failing to verify the integrity of the kernel. For example, on Hyper-V, sd_mod, sg, scsi_transport_fc, hv_storvsc and hv_vmbus need to be installed in order for /boot to be mounted. mkdumprd calls dracut with the --no-hostonly-default-device. Following the documentation (man dracut), --no-hostonly-default-device Do not generate implicit host devices like root, swap, fstab, etc. Use "--mount" or "--add-device" to explicitly add devices as needed this patch uses "--add-device" to explicitly add the device of /boot. Note there is already an attempt to fix it in dracut's 01fips module i.e. via the commit 83651776 ("fips: ensure fs module for /boot is installed"). Unfortunately it only installs the file system driver e.g. xfs. Reviewed-by: Philipp Rudo Signed-off-by: Coiby Xu Signed-off-by: Coiby Xu --- mkdumprd | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/mkdumprd b/mkdumprd index f5bfd65..861bf27 100644 --- a/mkdumprd +++ b/mkdumprd 
@@ -442,7 +442,11 @@ if ! is_fadump_capable; then # so it doesn't affect the logic of check_dump_fs_modified(). is_dump_to_rootfs && add_mount "$(to_dev_name $(get_root_fs_device))" - add_dracut_arg "--no-hostonly-default-device" + add_dracut_arg "--no-hostonly-default-device" + + if fips-mode-setup --is-enabled 2 > /dev/null; then + add_dracut_arg --add-device "$(findmnt -n -o SOURCE --target /boot)" + fi fi echo "$dracut_args $@" | xargs dracut
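Review bot: the new `add_dracut_arg --add-device "$(findmnt -n -o SOURCE --target /boot)"` line passes the findmnt output to dracut without checking it. If findmnt fails or prints nothing, `--add-device` is given an empty argument. When /boot is not a separate mount, `--target` resolves to the containing filesystem. For a btrfs subvolume or bind mount, SOURCE carries a `[/path]` suffix and is not a device node. Suggest capturing the result in a local variable first, and calling add_dracut_arg only when it is non-empty and passes a `[ -b ... ]` test, with a warning otherwise so a FIPS system does not silently get a kdump initramfs that cannot mount /boot. Two smaller points in the same hunk: as shown here the redirect reads `2 > /dev/null`, which would pass `2` as an argument and discard stdout rather than stderr, so it should be `2> /dev/null`; and the removed and re-added `--no-hostonly-default-device` line appears to differ only in whitespace, which is better left out of this fix.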