dracut/0092-Fix-fips-module-list.patch

From 4ee59ab3ed59475923a1fed0a8a52f5a03799c93 Mon Sep 17 00:00:00 2001
From: Milan Broz <mbroz@redhat.com>
Date: Mon, 16 Jul 2012 16:28:47 +0200
Subject: [PATCH] Fix fips module list.

If dracut is build only with fips/fips-aesni (no crypto module),
FIPS mode fails because of missing GCM modules.

Just add proper modules to list (kernel have both maker as FIPS compliant already).

Signed-off-by: Milan Broz <mbroz@redhat.com>
---
 modules.d/01fips/module-setup.sh       |    2 +-
 modules.d/02fips-aesni/module-setup.sh |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh
index 2d238fb..2517964 100755
--- a/modules.d/01fips/module-setup.sh
+++ b/modules.d/01fips/module-setup.sh
@@ -12,7 +12,7 @@ depends() {
 
 installkernel() {
     local _fipsmodules _mod
-    _fipsmodules="aead aes_generic xts aes-x86_64 ansi_cprng cbc ccm chainiv ctr"
+    _fipsmodules="aead aes_generic xts aes-x86_64 ansi_cprng cbc ccm chainiv ctr gcm ghash_generic"
     _fipsmodules+=" des deflate ecb eseqiv hmac seqiv sha256 sha256_generic sha512 sha512_generic"
     _fipsmodules+=" cryptomgr crypto_null tcrypt dm-mod dm-crypt"
 
diff --git a/modules.d/02fips-aesni/module-setup.sh b/modules.d/02fips-aesni/module-setup.sh
index f8fb705..fb4010d 100755
--- a/modules.d/02fips-aesni/module-setup.sh
+++ b/modules.d/02fips-aesni/module-setup.sh
@@ -12,7 +12,7 @@ depends() {
 
 installkernel() {
     local _fipsmodules _mod
-    _fipsmodules="aesni-intel"
+    _fipsmodules="aesni-intel ghash_clmulni_intel"
 
     mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
dracut-020-96.git20120717 - disabled systemd in the initramfs, until it works correctly 2012-07-17 09:13:39 +00:00			`From 4ee59ab3ed59475923a1fed0a8a52f5a03799c93 Mon Sep 17 00:00:00 2001`
			`From: Milan Broz <mbroz@redhat.com>`
			`Date: Mon, 16 Jul 2012 16:28:47 +0200`
			`Subject: [PATCH] Fix fips module list.`

			`If dracut is build only with fips/fips-aesni (no crypto module),`
			`FIPS mode fails because of missing GCM modules.`

			`Just add proper modules to list (kernel have both maker as FIPS compliant already).`

			`Signed-off-by: Milan Broz <mbroz@redhat.com>`
			`---`
			`modules.d/01fips/module-setup.sh \| 2 +-`
			`modules.d/02fips-aesni/module-setup.sh \| 2 +-`
			`2 files changed, 2 insertions(+), 2 deletions(-)`

			`diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh`
			`index 2d238fb..2517964 100755`
			`--- a/modules.d/01fips/module-setup.sh`
			`+++ b/modules.d/01fips/module-setup.sh`
			`@@ -12,7 +12,7 @@ depends() {`

			`installkernel() {`
			`local _fipsmodules _mod`
			`- _fipsmodules="aead aes_generic xts aes-x86_64 ansi_cprng cbc ccm chainiv ctr"`
			`+ _fipsmodules="aead aes_generic xts aes-x86_64 ansi_cprng cbc ccm chainiv ctr gcm ghash_generic"`
			`_fipsmodules+=" des deflate ecb eseqiv hmac seqiv sha256 sha256_generic sha512 sha512_generic"`
			`_fipsmodules+=" cryptomgr crypto_null tcrypt dm-mod dm-crypt"`

			`diff --git a/modules.d/02fips-aesni/module-setup.sh b/modules.d/02fips-aesni/module-setup.sh`
			`index f8fb705..fb4010d 100755`
			`--- a/modules.d/02fips-aesni/module-setup.sh`
			`+++ b/modules.d/02fips-aesni/module-setup.sh`
			`@@ -12,7 +12,7 @@ depends() {`

			`installkernel() {`
			`local _fipsmodules _mod`
			`- _fipsmodules="aesni-intel"`
			`+ _fipsmodules="aesni-intel ghash_clmulni_intel"`

			`mkdir -m 0755 -p "${initdir}/etc/modprobe.d"`