From 5d2bf7ce08fdb6d7c3d618010c997ed6955c4edc Mon Sep 17 00:00:00 2001
From: "Brian C. Lane"
Date: Wed, 7 May 2025 09:46:40 -0700
Subject: [PATCH] Add a boot menu for fips=1
In RHEL10 it is no longer possible to switch a system to FIPS after it is installed. Setting fips=1 is documents, but in order to make it easier for users there should also be a menu entry.
Resolves: RHEL-91929
---
 80-rhel/config_files/aarch64/grub2-efi.cfg | 4 ++++
 80-rhel/config_files/ppc/grub.cfg.in | 5 +++++
 80-rhel/config_files/x86/grub2-bios.cfg | 4 ++++
 80-rhel/config_files/x86/grub2-efi.cfg | 4 ++++
 80-rhel/config_files/x86/isolinux.cfg | 5 +++++
 5 files changed, 22 insertions(+)
diff --git a/80-rhel/config_files/aarch64/grub2-efi.cfg b/80-rhel/config_files/aarch64/grub2-efi.cfg
index 1ce5d33..d9756d8 100644
--- a/80-rhel/config_files/aarch64/grub2-efi.cfg
+++ b/80-rhel/config_files/aarch64/grub2-efi.cfg
@@ -34,6 +34,10 @@ menuentry 'Test this media & install @PRODUCT@ @VERSION@' --class red --class gn
 linux @KERNELPATH@ @ROOT@ rd.live.check
 initrd @INITRDPATH@
 }
+menuentry 'Install @PRODUCT@ @VERSION@ in FIPS mode' --class red --class gnu-linux --class gnu --class os {
+ linux @KERNELPATH@ @ROOT@ ro fips=1
+ initrd @INITRDPATH@
+}
 submenu 'Troubleshooting -->' {
 menuentry 'Install @PRODUCT@ @VERSION@ in basic graphics mode' --class red --class gnu-linux --class gnu --class os {
 linux @KERNELPATH@ @ROOT@ nomodeset
diff --git a/80-rhel/config_files/ppc/grub.cfg.in b/80-rhel/config_files/ppc/grub.cfg.in
index 1b14ede..f689bbd 100644
--- a/80-rhel/config_files/ppc/grub.cfg.in
+++ b/80-rhel/config_files/ppc/grub.cfg.in
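Review bot: The new FIPS `menuentry` in aarch64/grub2-efi.cfg has no comment saying why it exists, so a later menu cleanup could drop it or its `fips=1` argument without noticing the consequence. The commit message states that RHEL10 cannot be switched to FIPS after installation, and that reason belongs next to the entry, for example `# fips=1 must be set at install time; RHEL 10 cannot be switched to FIPS mode afterwards (RHEL-91929)`. The same comment applies to the entries added in ppc/grub.cfg.in, x86/grub2-bios.cfg and x86/grub2-efi.cfg. Unlike the 'Test this media' entry just above it, the new entry does not pass `rd.live.check`, so an install started from it skips the media check; if that is intended, the comment is a good place to say so.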
@@ -13,6 +13,11 @@ menuentry "Test this media & install @PRODUCT@ @VERSION@ (64-bit kernel)" --cla
 initrd /ppc/ppc64/initrd.img
 }
+menuentry "Install @PRODUCT@ @VERSION@ (64-bit kernel) in FIPS mode" --class fedora --class gnu-linux --class gnu --class os {
+ linux /ppc/ppc64/vmlinuz @ROOT@ ro fips=1
+ initrd /ppc/ppc64/initrd.img
+}
+
 menuentry "Rescue a @PRODUCT@ system (64-bit kernel)" --class fedora --class gnu-linux --class gnu --class os {
 linux /ppc/ppc64/vmlinuz @ROOT@ inst.rescue ro
 initrd /ppc/ppc64/initrd.img
diff --git a/80-rhel/config_files/x86/grub2-bios.cfg b/80-rhel/config_files/x86/grub2-bios.cfg
index cfca1bf..a5c6461 100644
--- a/80-rhel/config_files/x86/grub2-bios.cfg
+++ b/80-rhel/config_files/x86/grub2-bios.cfg
@@ -25,6 +25,10 @@ menuentry 'Test this media & install @PRODUCT@ @VERSION@' --class fedora --class
 linux @KERNELPATH@ @ROOT@ rd.live.check quiet
 initrd @INITRDPATH@
 }
+menuentry 'Install @PRODUCT@ @VERSION@ in FIPS mode' --class fedora --class gnu-linux --class gnu --class os {
+ linux @KERNELPATH@ @ROOT@ quiet fips=1
+ initrd @INITRDPATH@
+}
 submenu 'Troubleshooting -->' {
 menuentry 'Install @PRODUCT@ @VERSION@ in basic graphics mode' --class fedora --class gnu-linux --class gnu --class os {
 linux @KERNELPATH@ @ROOT@ nomodeset quiet
diff --git a/80-rhel/config_files/x86/grub2-efi.cfg b/80-rhel/config_files/x86/grub2-efi.cfg
index 8c9adad..4d9bb26 100644
--- a/80-rhel/config_files/x86/grub2-efi.cfg
+++ b/80-rhel/config_files/x86/grub2-efi.cfg
@@ -28,6 +28,10 @@ menuentry 'Test this media & install @PRODUCT@ @VERSION@' --class fedora --class
 linuxefi @KERNELPATH@ @ROOT@ rd.live.check quiet
 initrdefi @INITRDPATH@
 }
+menuentry 'Install @PRODUCT@ @VERSION@ in FIPS mode' --class fedora --class gnu-linux --class gnu --class os {
+ linuxefi @KERNELPATH@ @ROOT@ quiet fips=1
+ initrdefi @INITRDPATH@
+}
 submenu 'Troubleshooting -->' {
 menuentry 'Install @PRODUCT@ @VERSION@ in basic graphics mode' --class fedora --class gnu-linux --class gnu --class os {
 linuxefi @KERNELPATH@ @ROOT@ nomodeset quiet
diff --git a/80-rhel/config_files/x86/isolinux.cfg b/80-rhel/config_files/x86/isolinux.cfg
index 216d36f..b5bbcc2 100644
--- a/80-rhel/config_files/x86/isolinux.cfg
+++ b/80-rhel/config_files/x86/isolinux.cfg
@@ -69,6 +69,11 @@ label check
 kernel vmlinuz
 append initrd=initrd.img @ROOT@ rd.live.check quiet
+label fips
+ menu label ^Install @PRODUCT@ @VERSION@ in FIPS mode
+ kernel vmlinuz
+ append initrd=initrd.img @ROOT@ quiet fips=1
+
 menu separator # insert an empty line
 # utilities submenu
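Review bot: The `^I` accelerator in `menu label ^Install @PRODUCT@ @VERSION@ in FIPS mode` under `label fips` most likely duplicates the hotkey of the regular install label, which lies outside this hunk, so the key would no longer pick a single entry. Moving the caret to a letter no other label uses, such as `menu label Install @PRODUCT@ @VERSION@ in ^FIPS mode`, avoids that; confirm that F is free in the rest of isolinux.cfg. A one-line `#` comment above `label fips` giving the reason from the commit message (FIPS cannot be enabled after installation on RHEL10) would also keep the entry from being dropped later.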