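# Working variables for the kernel-module half of the FIPS dracut module.
local _fipsmodules _mod _bootfstype

# Choose the crypto modules to ship in the initramfs. If ${srcmods}/modules.fips
# exists, its contents are used verbatim as the module list, so that file
# decides which algorithms are installed and later blacklisted from autoload.
if [[ -f "${srcmods}/modules.fips" ]]; then
    # $(< file) reads the file without forking cat; trailing newlines are
    # stripped exactly as with $(cat file).
    _fipsmodules="$(< "${srcmods}/modules.fips")"
else
    # NOTE(review): the listing skips gutter lines 18-21 at this point; an else
    # branch that starts from an empty list is assumed -- confirm against the file.
    _fipsmodules=""

    # Hashes
    # NOTE(review): sha1, des3_ede and ansi_cprng below are legacy algorithms;
    # whether they still belong here depends on the FIPS 140 revision targeted.
    _fipsmodules+="sha1 sha224 sha256 sha384 sha512 "
    _fipsmodules+="sha3-224 sha3-256 sha3-384 sha3-512 "
    _fipsmodules+="crc32c crct10dif ghash "

    # Ciphers
    _fipsmodules+="cipher_null des3_ede aes cfb "

    # Modes and templates
    _fipsmodules+="ecb cbc ctr xts gcm ccm authenc hmac cmac ofb cts "

    # Compression
    _fipsmodules+="deflate lzo zlib "

    # Pseudo-random number generator
    _fipsmodules+="ansi_cprng "

    # Crypto API infrastructure and self-test support
    _fipsmodules+="aead cryptomgr tcrypt crypto_user "
fi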
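# Directory that will hold the modprobe policy file written in the loop below.
mkdir -m 0755 -p "${initdir}/etc/modprobe.d"

# $_fipsmodules is a whitespace-separated list, so it is left unquoted on
# purpose to split it into module names. Unquoted expansion also performs
# pathname expansion, so entries are expected to be plain module names.
# shellcheck disable=SC2086
for _mod in $_fipsmodules; do
    # hostonly='' clears host-only filtering for this single instmods call.
    # -c/-s: presumably "fail if the module is missing" and "stay silent" --
    # confirm against dracut's instmods.
    if hostonly='' instmods -c -s "$_mod"; then
        # Record every module that was installed, one name per line.
        printf '%s\n' "$_mod" >> "${initdir}/etc/fipsmodules"
        # Blacklist it for modprobe inside the initramfs; presumably so the
        # FIPS hook loads it explicitly instead of autoloading -- confirm
        # against fips-load-crypto.sh.
        printf 'blacklist %s\n' "$_mod" >> "${initdir}/etc/modprobe.d/fips.conf"
    fi
    # NOTE(review): the listing skips gutter lines 48-49; the closing fi/done
    # are restored here.
done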
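# With hostonly_default_device=no the filesystem module for /boot is not
# installed by default, so it is added here explicitly. Per the warning below,
# the FIPS check may fail when /boot cannot be handled.
if [[ $hostonly ]] && [[ "$hostonly_default_device" == "no" ]]; then
    _bootfstype=$(find_mp_fstype /boot)
    if [[ -n "$_bootfstype" ]]; then
        # Quoted so the detected type is passed as exactly one module name.
        hostonly='' instmods "$_bootfstype"
    else
        # NOTE(review): the listing skips gutter line 56; an else is assumed
        # because the warning only makes sense when no type was detected.
        dwarning "Can't determine fs type for /boot, FIPS check may fail."
    fi
fi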
# Register the FIPS hook scripts, each at priority 01 of its hook point.
inst_hook pre-mount 01 "$moddir/fips-boot.sh"
inst_hook pre-pivot 01 "$moddir/fips-noboot.sh"
inst_hook pre-udev 01 "$moddir/fips-load-crypto.sh"

# Shared helper script used by the hooks, installed as /sbin/fips.sh.
inst_script "$moddir/fips.sh" /sbin/fips.sh

# Binaries copied into the initramfs; sha512hmac is presumably what fips.sh
# uses for its integrity check -- confirm against fips.sh.
inst_multiple sha512hmac rmmod insmod mount uname umount

# Copy /etc/system-fips from the host into the image.
inst_simple /etc/system-fips
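# Ensure the image has a /dev/random character device (major 1, minor 8).
# mknod of a device node needs root, which is why the failure message asks for
# dracut to be run as root. Paths are quoted so an initdir containing spaces or
# glob characters cannot split or expand.
[ -c "${initdir}/dev/random" ] || mknod "${initdir}/dev/random" c 1 8 \
    || {
        dfatal "Cannot create /dev/random"
        dfatal "To create an initramfs with fips support, dracut has to run as root"
        # NOTE(review): the listing skips gutter lines 74 and 77-78; the brace
        # group and a failure return are assumed -- confirm against the file.
        return 1
    }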
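# Ensure the image has a /dev/urandom character device (major 1, minor 9).
# mknod of a device node needs root, which is why the failure message asks for
# dracut to be run as root. Paths are quoted so an initdir containing spaces or
# glob characters cannot split or expand.
[ -c "${initdir}/dev/urandom" ] || mknod "${initdir}/dev/urandom" c 1 9 \
    || {
        # The message now names the device that actually failed; the listing
        # reported /dev/random here, which misdirects whoever reads the log.
        dfatal "Cannot create /dev/urandom"
        dfatal "To create an initramfs with fips support, dracut has to run as root"
        # NOTE(review): the listing skips gutter line 80 and ends after line
        # 82; the brace group and a failure return are assumed -- confirm
        # against the file.
        return 1
    }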