(In reply to Dominique Leuenberger from comment #15)
> (In reply to Steffen Winterfeldt from comment #14)
> > Hm, that makes the condition pointless. I could go for !BuildIgnore but
> > that seems not the right idea.
>
> Possibly more drastic and make it a with fips condition (instead of
> ssl-hmac) and conditionalize the inclusion of dracut-fips too?

I do not know which action in the booted system triggers the FIPS selftest, maybe before this a script could determine whether the actual CPU supports sse2, and if not remove the *hmac files. Something like

  grep -q 'flags.* sse2' /proc/cpuinfo || rm *hmac

Then the users of CPUs with sse2 support can have the FIPS selftest active, and others can still use the image.