File: module-setup.sh

package info (click to toggle)
dracut 106-6
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 4,708 kB
  • sloc: sh: 24,384; ansic: 4,704; makefile: 315; perl: 186; python: 28; javascript: 19
file content (78 lines) | stat: -rwxr-xr-x 2,263 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
#!/bin/bash

# called by dracut
check() {
    return 255
}

# called by dracut
installkernel() {
    local _fipsmodules _mod _bootfstype
    if [[ -f "${srcmods}/modules.fips" ]]; then
        read -d '' -r _fipsmodules < "${srcmods}/modules.fips"
    else
        _fipsmodules=""

        # Hashes:
        _fipsmodules+="sha1 sha224 sha256 sha384 sha512 "
        _fipsmodules+="sha3-224 sha3-256 sha3-384 sha3-512 "
        _fipsmodules+="crc32c crct10dif ghash "

        # Ciphers:
        _fipsmodules+="cipher_null des3_ede aes cfb dh ecdh "

        # Modes/templates:
        _fipsmodules+="ecb cbc ctr xts gcm ccm authenc hmac cmac ofb cts "

        # Compression algs:
        _fipsmodules+="deflate lzo "

        # PRNG algs:
        _fipsmodules+="ansi_cprng "

        # Misc:
        _fipsmodules+="aead cryptomgr tcrypt crypto_user "
    fi

    for _mod in $_fipsmodules; do
        if hostonly='' instmods -c -s "$_mod"; then
            echo "$_mod" >> "${initdir}/etc/fipsmodules"
            echo "blacklist $_mod" >> "${initdir}/etc/fips.conf"
        fi
    done

    # with hostonly_default_device fs module for /boot is not installed by default
    if [[ $hostonly ]] && [[ $hostonly_default_device == "no" ]]; then
        _bootfstype=$(find_mp_fstype /boot)
        if [[ -n $_bootfstype ]]; then
            hostonly='' instmods "$_bootfstype"
        else
            dwarning "Can't determine fs type for /boot, FIPS check may fail."
        fi
    fi
}

# called by dracut
install() {
    inst_hook pre-pivot 00 "$moddir/fips-boot.sh"
    inst_hook pre-pivot 01 "$moddir/fips-noboot.sh"
    inst_hook pre-udev 01 "$moddir/fips-load-crypto.sh"
    inst_script "$moddir/fips.sh" /sbin/fips.sh

    inst_multiple sha512hmac rmmod insmod mount uname umount grep sed cut find sort cat tail tr

    inst_simple /etc/system-fips

    # if we have openssl we need to install their fips library and configuration
    [ -x /usr/bin/openssl ] && {
        read -r _ conf < <(openssl version -d)
        conf=${conf#\"}
        conf=${conf%\"}
        inst_simple "${moddir}/openssl.cnf" "$conf/openssl.cnf"

        read -r _ mod < <(openssl version -m)
        mod=${mod#\"}
        mod=${mod%\"}
        inst_simple "$mod/fips.so"
    }
}