From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
Date: Tue, 27 Dec 2022 08:29:44 +0000 (+0100)
Subject: feat(fips): add progress messages
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=68d0653e35f79e78b75a71c122c091ba4f4d5759;p=thirdparty%2Fdracut.git

feat(fips): add progress messages

This allows to better understand at what point a FIPS integrity test failed.

Signed-off-by: Raymund Will <rw@suse.com>
---

diff --git a/modules.d/01fips/fips-boot.sh b/modules.d/01fips/fips-boot.sh
index 031d169a6..34760e018 100755
--- a/modules.d/01fips/fips-boot.sh
+++ b/modules.d/01fips/fips-boot.sh
@@ -8,7 +8,9 @@ elif [ -z "$fipsmode" ]; then
     die "FIPS mode have to be enabled by 'fips=1' not just 'fips'"
 elif getarg boot= > /dev/null; then
     . /sbin/fips.sh
+    fips_info "fips-boot: start"
     if mount_boot; then
         do_fips || die "FIPS integrity test failed"
     fi
+    fips_info "fips-boot: done!"
 fi
diff --git a/modules.d/01fips/fips-load-crypto.sh b/modules.d/01fips/fips-load-crypto.sh
index 21e992785..6ef42b951 100755
--- a/modules.d/01fips/fips-load-crypto.sh
+++ b/modules.d/01fips/fips-load-crypto.sh
@@ -8,5 +8,7 @@ elif [ -z "$fipsmode" ]; then
     die "FIPS mode have to be enabled by 'fips=1' not just 'fips'"
 else
     . /sbin/fips.sh
+    fips_info "fips-load-crypto: start"
     fips_load_crypto || die "FIPS integrity test failed"
+    fips_info "fips-load-crypto: done!"
 fi
diff --git a/modules.d/01fips/fips-noboot.sh b/modules.d/01fips/fips-noboot.sh
index f00c2f326..963a034d6 100755
--- a/modules.d/01fips/fips-noboot.sh
+++ b/modules.d/01fips/fips-noboot.sh
@@ -8,6 +8,8 @@ elif [ -z "$fipsmode" ]; then
     die "FIPS mode have to be enabled by 'fips=1' not just 'fips'"
 elif ! [ -f /tmp/fipsdone ]; then
     . /sbin/fips.sh
+    fips_info "fips-noboot: start"
     mount_boot
     do_fips || die "FIPS integrity test failed"
+    fips_info "fips-noboot: done!"
 fi