File 0242-02fips-aesni-add-fips-with-aesni-intel.patch of Package dracut

From c1cb0de4d547ea8b92203dba61a6353945a0eb2b Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@redhat.com>
Date: Fri, 23 Sep 2011 14:12:06 +0200
Subject: [PATCH] 02fips-aesni: add fips with aesni-intel

---
 dracut.spec                          | 15 +++++++++++++++
 modules.d/02fips-aesni/check         |  5 +++++
 modules.d/02fips-aesni/installkernel | 14 ++++++++++++++
 3 files changed, 34 insertions(+)
 create mode 100755 modules.d/02fips-aesni/check
 create mode 100755 modules.d/02fips-aesni/installkernel

diff --git a/dracut.spec b/dracut.spec
index 401bb6e..375fad1 100644
--- a/dracut.spec
+++ b/dracut.spec
@@ -95,6 +95,15 @@ Requires: nss-softokn-freebl
 This package requires everything which is needed to build an
 all purpose initramfs with dracut, which does an integrity check.
 
+%package fips-aesni
+Summary: Dracut modules to build a dracut initramfs with an integrity check with aesni-intel
+Requires: %{name}-fips = %{version}-%{release}
+
+%description fips-aesni
+This package requires everything which is needed to build an
+all purpose initramfs with dracut, which does an integrity check 
+and adds the aesni-intel kernel module.
+
 %package caps
 Summary: Dracut modules to build a dracut initramfs which drops capabilities
 Requires: %{name} = %{version}-%{release}
@@ -152,6 +161,7 @@ make install DESTDIR=$RPM_BUILD_ROOT sbindir=/sbin \
 
 echo %{name}-%{version}-%{release} > $RPM_BUILD_ROOT/%{_datadir}/dracut/modules.d/10rpmversion/dracut-version
 rm $RPM_BUILD_ROOT/%{_datadir}/dracut/modules.d/01fips/check
+rm $RPM_BUILD_ROOT/%{_datadir}/dracut/modules.d/02fips-aesni/check
 
 mkdir -p $RPM_BUILD_ROOT/boot/dracut
 mkdir -p $RPM_BUILD_ROOT/var/lib/dracut/overlay
@@ -233,6 +243,11 @@ rm -rf $RPM_BUILD_ROOT
 %doc COPYING
 %{_datadir}/dracut/modules.d/01fips
 
+%files fips-aesni
+%defattr(-,root,root,0755)
+%doc COPYING
+%{_datadir}/dracut/modules.d/02fips-aesni
+
 %files caps
 %defattr(-,root,root,0755)
 %doc COPYING
diff --git a/modules.d/02fips-aesni/check b/modules.d/02fips-aesni/check
new file mode 100755
index 0000000..9d8d2e6
--- /dev/null
+++ b/modules.d/02fips-aesni/check
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+[[ $1 = -d ]] && exit 0
+exit 255
+
diff --git a/modules.d/02fips-aesni/installkernel b/modules.d/02fips-aesni/installkernel
new file mode 100755
index 0000000..27d6b4d
--- /dev/null
+++ b/modules.d/02fips-aesni/installkernel
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+FIPSMODULES="aesni-intel"
+
+mkdir -p "${initdir}/etc/modprobe.d"
+
+for mod in $FIPSMODULES; do 
+    if hostonly='' instmods $mod; then
+        echo $mod >> "${initdir}/etc/fipsmodules"
+        echo "blacklist $mod" >> "${initdir}/etc/modprobe.d/fips.conf"
+    fi
+done
+
+# vim:ts=8:sw=4:sts=4:et
-- 
1.8.3.1