modules.d/01fips/module-setup.sh

   1 #!/bin/bash
   2 # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
   3 # ex: ts=8 sw=4 sts=4 et filetype=sh
   4
   5 check() {
   6     return 255
   7 }
   8
   9 depends() {
  10     return 0
  11 }
  12
  13 installkernel() {
  14     local _fipsmodules _mod
  15     _fipsmodules="aead aes_generic aes-xts aes-x86_64 ansi_cprng cbc ccm chainiv ctr"
  16     _fipsmodules+=" des deflate ecb eseqiv hmac seqiv sha256 sha512"
  17     _fipsmodules+=" cryptomgr crypto_null tcrypt dm-mod dm-crypt"
  18
  19     mkdir -m 0755 -p "${initdir}/etc/modprobe.d"
  20
  21     for _mod in $_fipsmodules; do
  22         if instmods $_mod; then
  23             echo $_mod >> "${initdir}/etc/fipsmodules"
  24             echo "blacklist $_mod" >> "${initdir}/etc/modprobe.d/fips.conf"
  25         fi
  26     done
  27 }
  28
  29 install() {
  30     local _dir
  31     inst_hook pre-trigger 01 "$moddir/fips-boot.sh"
  32     inst_hook pre-pivot 01 "$moddir/fips-noboot.sh"
  33     inst "$moddir/fips.sh" /sbin/fips.sh
  34
  35     dracut_install sha512hmac rmmod insmod mount uname umount
  36
  37     inst_libdir_file libsoftokn3.so
  38     inst_libdir_file libsoftokn3.so
  39     inst_libdir_file libsoftokn3.chk
  40     inst_libdir_file libfreebl3.so
  41     inst_libdir_file libfreebl3.chk
  42
  43     dracut_install $usrlibdir/hmaccalc/sha512hmac.hmac
  44     if command -v prelink >/dev/null; then
  45         dracut_install prelink
  46     fi
  47 }
  48