digest-list-tools/dracut-script-support-loading-digest-list-with-modsi.patch

From 1e46b6c1440b0aece5bb45ef8bc432a16d64248d Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Fri, 16 Aug 2024 10:57:33 +0800
Subject: [PATCH] dracut script support loading digest list with modsig

Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
---
 initrd/dracut/load_digest_lists.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/initrd/dracut/load_digest_lists.sh b/initrd/dracut/load_digest_lists.sh
index 8cb3e84..fad24ed 100644
--- a/initrd/dracut/load_digest_lists.sh
+++ b/initrd/dracut/load_digest_lists.sh
@@ -10,7 +10,10 @@ if [  -f /sys/kernel/security/ima/digest_list_data ]; then
 							if ($1 ~ /security.ima=0x03/) ima=1; }
 							END{ if (evm || ima) print "1" }')
 				if [ -z "$process_digest_list" ]; then
-					continue
+					tail -c 32 $f | grep -a "~Module signature appended~" &> /dev/null
+					if [ $? -ne 0 ]; then
+						continue
+					fi
 				fi
 
 				format=$(echo $f | cut -d - -f 3)
-- 
2.33.0