From 2e3528acec47549bfed4199d15fc27e5d10275a9 Mon Sep 17 00:00:00 2001
From: Riccardo Pittau <elfosardo@gmail.com>
Date: Fri, 26 Jul 2024 11:20:23 +0200
Subject: [PATCH] Enable fips in iso kernel options on fips systems

---
 scripts/copy-iso | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/scripts/copy-iso b/scripts/copy-iso
index f176f10..ecaf48d 100755
--- a/scripts/copy-iso
+++ b/scripts/copy-iso
@@ -20,10 +20,21 @@ copy_if_needed() {
     else
         rm -f "${dest_file}.sha256"
         echo "Extracting ISO file" >&2
+        KERNEL_ARGS=""
         if [ -n "${IP_OPTIONS:-}" ]; then
             echo "Adding kernel argument ${IP_OPTIONS}" >&2
+            KERNEL_ARGS+="${IP_OPTIONS} "
+        fi
+        if [ -f /proc/sys/crypto/fips_enabled ]; then
+            if [ "$(cat /proc/sys/crypto/fips_enabled)" = "1"]; then
+                echo "Adding kernel argument fips=1" >&2
+                KERNEL_ARGS+="fips=1 "
+            fi
+        fi
+        if [ ! -z $KERNEL_ARGS ]; then
             rm -f "${dest_file}"
-            coreos-installer iso kargs modify -a "${IP_OPTIONS}" -o "${dest_file}" "${source}"
+            echo "Adding kernel arguments ${KERNEL_ARGS}" >&2
+            coreos-installer iso kargs modify -a "${KERNEL_ARGS}" -o "${dest_file}" "${source}"
         else
             cp "${source}" "${DEST_DIR}"
             echo "${dest_file}"