This allows to better understand at what point a FIPS integrity test failed.
Signed-off-by: Raymund Will <rw@suse.com>
die "FIPS mode have to be enabled by 'fips=1' not just 'fips'"
elif getarg boot= > /dev/null; then
. /sbin/fips.sh
+ fips_info "fips-boot: start"
if mount_boot; then
do_fips || die "FIPS integrity test failed"
fi
+ fips_info "fips-boot: done!"
fi
die "FIPS mode have to be enabled by 'fips=1' not just 'fips'"
else
. /sbin/fips.sh
+ fips_info "fips-load-crypto: start"
fips_load_crypto || die "FIPS integrity test failed"
+ fips_info "fips-load-crypto: done!"
fi
die "FIPS mode have to be enabled by 'fips=1' not just 'fips'"
elif ! [ -f /tmp/fipsdone ]; then
. /sbin/fips.sh
+ fips_info "fips-noboot: start"
mount_boot
do_fips || die "FIPS integrity test failed"
+ fips_info "fips-noboot: done!"
fi