From 61ff9fd6f455ee49608cab2c851a3819c180c30a Mon Sep 17 00:00:00 2001

From: Watson Sato <wsato@redhat.com>

Date: Tue, 16 Aug 2022 18:53:02 +0200

Subject: [PATCH] Don't fail rule if /etc/grubenv missing on s390x

There is no need to check  /etc/grubenv for fips=1 on s390x systems, it

uses zIPL.

---

 .../integrity/fips/enable_fips_mode/oval/shared.xml      | 9 ++++++++-

 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml

index 65056a654c6..7af675de0d3 100644

--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml

+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml

@@ -7,9 +7,16 @@

       <extend_definition comment="Dracut FIPS module is enabled" definition_ref="enable_dracut_fips_module" />

       <extend_definition comment="system cryptography policy is configured" definition_ref="configure_crypto_policy" />

       <criterion comment="check if system crypto policy selection in var_system_crypto_policy in the profile is set to FIPS" test_ref="test_system_crypto_policy_value" />

-      {{% if product in ["ol8","rhel8"] %}}

+      {{% if product in ["ol8"] %}}

       test_ref="test_grubenv_fips_mode" />

+      {{% elif product in ["rhel8"] %}}

+      <criteria operator="OR">

+        

+        definition_ref="system_info_architecture_s390_64" />

+        

+        test_ref="test_grubenv_fips_mode" />

+      </criteria>

       {{% endif %}}

     </criteria>

   </definition>