34 lines
1.8 KiB
Diff
34 lines
1.8 KiB
Diff
From 61ff9fd6f455ee49608cab2c851a3819c180c30a Mon Sep 17 00:00:00 2001
|
|
From: Watson Sato <wsato@redhat.com>
|
|
Date: Tue, 16 Aug 2022 18:53:02 +0200
|
|
Subject: [PATCH] Don't fail rule if /etc/grubenv missing on s390x
|
|
|
|
There is no need to check /etc/grubenv for fips=1 on s390x systems, it
|
|
uses zIPL.
|
|
---
|
|
.../integrity/fips/enable_fips_mode/oval/shared.xml | 9 ++++++++-
|
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
|
|
index 65056a654c6..7af675de0d3 100644
|
|
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
|
|
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
|
|
@@ -7,9 +7,16 @@
|
|
<extend_definition comment="Dracut FIPS module is enabled" definition_ref="enable_dracut_fips_module" />
|
|
<extend_definition comment="system cryptography policy is configured" definition_ref="configure_crypto_policy" />
|
|
<criterion comment="check if system crypto policy selection in var_system_crypto_policy in the profile is set to FIPS" test_ref="test_system_crypto_policy_value" />
|
|
- {{% if product in ["ol8","rhel8"] %}}
|
|
+ {{% if product in ["ol8"] %}}
|
|
<criterion comment="check if the kernel boot parameter is configured for FIPS mode"
|
|
test_ref="test_grubenv_fips_mode" />
|
|
+ {{% elif product in ["rhel8"] %}}
|
|
+ <criteria operator="OR">
|
|
+ <extend_definition comment="Generic test for s390x architecture"
|
|
+ definition_ref="system_info_architecture_s390_64" />
|
|
+ <criterion comment="check if the kernel boot parameter is configured for FIPS mode"
|
|
+ test_ref="test_grubenv_fips_mode" />
|
|
+ </criteria>
|
|
{{% endif %}}
|
|
</criteria>
|
|
</definition>
|