Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
dracut.3330
0053-01fips-fixup-loading-issues.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0053-01fips-fixup-loading-issues.patch of Package dracut.3330
From c0fd9c31e9044b99edb850c4af229887b616e828 Mon Sep 17 00:00:00 2001 From: Hannes Reinecke <hare@suse.de> Date: Mon, 2 Jun 2014 15:02:04 +0200 Subject: [PATCH] 01fips: fixup loading issues Adjust the FIPS module list to avoid loading issues References: bnc#875855 Signed-off-by: Marcus Meissner <meissner@suse.de> --- modules.d/01fips/fips.sh | 12 ++++++++++++ modules.d/01fips/module-setup.sh | 12 +++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh index 7fa48f1..07bd1da 100755 --- a/modules.d/01fips/fips.sh +++ b/modules.d/01fips/fips.sh @@ -100,6 +100,18 @@ do_fips() _found=1 break done </proc/crypto + # If we find some hardware specific modules and cannot load them + # it is not a problem, proceed. + if [ "$_found" = "0" ]; then + if [ "$_module" != "${_module%-intel}" \ + -o "$_module" != "${_module%-ssse3}" \ + -o "$_module" != "${_module%-x86_64}" \ + -o "$_module" != "${_module%z90}" \ + ]; then + _found=1 + fi + fi + [ "$_found" = "0" ] && return 1 fi fi diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh index a4081dc..aa56fcf 100755 --- a/modules.d/01fips/module-setup.sh +++ b/modules.d/01fips/module-setup.sh @@ -18,8 +18,12 @@ installkernel() { _fipsmodules="aead aes_generic aes-x86_64 ansi_cprng arc4 blowfish camellia cast6 cbc ccm " _fipsmodules+="chainiv crc32c crct10dif_generic cryptomgr crypto_null ctr cts deflate des des3_ede dm-crypt dm-mod " _fipsmodules+="ecb eseqiv fcrypt gcm ghash_generic hmac khazad lzo md4 md5 michael_mic rmd128 " - _fipsmodules+="rmd160 rmd256 rmd320 rot13 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic " - _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib" + _fipsmodules+="rmd160 rmd256 rmd320 salsa20 seed seqiv serpent sha1 sha224 sha256 sha256_generic " + _fipsmodules+="sha384 sha512 sha512_generic tcrypt tea tnepres twofish wp256 wp384 wp512 xeta xtea xts zlib " + _fipsmodules+="sha512-ssse3 sha1-ssse3 sha256-ssse3 " + _fipsmodules+="ghash-clmulni-intel " + + # once it is in the kernel: _fipsmodules+="drbg " mkdir -m 0755 -p "${initdir}/etc/modprobe.d" @@ -44,7 +48,9 @@ install() { libsoftokn3.chk libfreebl3.so libfreebl3.chk \ libssl.so 'hmaccalc/sha512hmac.hmac' libssl.so.10 - inst_multiple -o prelink + # we do not use prelink at SUSE + #inst_multiple -o prelink + inst_simple /etc/system-fips } -- 1.8.4.5
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor