From c6ccef8827af134884c5b2c785e07eb0b144450b Mon Sep 17 00:00:00 2001

From: Kairui Song <kasong@redhat.com>

Date: Thu, 14 Mar 2019 18:54:10 +0800

Subject: [PATCH] fips: ensure fs module for /boot is installed

When using dracut with  --hostonly and --no-hostonly-default-device,

/boot will be inaccessible as dracut will most fs modules unless

specified. But FIPS require /boot to be accessible, and it will try

to mount it on boot. It will fail if corresponding fs module is missing.

For most case /boot will be a simple partition, include the fs module

will be enough for FIPS to mount it. For other cases users have to pass

extra parameters by themselves.

Suggested-by: Kenneth Dsouza <kdsouza@redhat.com>

Signed-off-by: Kairui Song <kasong@redhat.com>

Cherry-picked from: 8365177644bee107dcb66a71c8a7509900c9ece4

Resolves: #1672817

---

 modules.d/01fips/module-setup.sh | 12 +++++++++++-

 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules.d/01fips/module-setup.sh b/modules.d/01fips/module-setup.sh

index 242d4dd9..834e7d7d 100755

--- a/modules.d/01fips/module-setup.sh

+++ b/modules.d/01fips/module-setup.sh

@@ -11,7 +11,7 @@ depends() {

 }

 installkernel() {

-    local _fipsmodules _mod i

+    local _fipsmodules _mod i _bootfstype

     if [[ -f "${srcmods}/modules.fips" ]]; then

         _fipsmodules="$(cat "${srcmods}/modules.fips")"

@@ -36,6 +36,16 @@ installkernel() {

             done

         fi

     done

+

+    # with hostonly_default_device fs module for /boot is not installed by default

+    if [[ $hostonly ]] && [[ "$hostonly_default_device" == "no" ]]; then

+        _bootfstype=$(find_mp_fstype /boot)

+        if [[ -n "$_bootfstype" ]]; then

+            hostonly='' instmods $_bootfstype

+        else

+            dwarning "Can't determine fs type for /boot, FIPS check may fail."

+        fi

+    fi

 }

 install() {