Skip to content

Commit 12a20a6

Browse files
tariq1890tariq1890
authored
Merge pull request #393 from NVIDIA/fips-try
2 parents a55b516 + fac9153 commit 12a20a6

File tree

2 files changed

+26
-0
lines changed

2 files changed

+26
-0
lines changed

ubuntu22.04/nvidia-driver

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,13 +16,25 @@ NVIDIA_MODESET_MODULE_PARAMS=()
1616
NVIDIA_PEERMEM_MODULE_PARAMS=()
1717
TARGETARCH=${TARGETARCH:?"Missing TARGETARCH env"}
1818
KERNEL_MODULE_TYPE=${KERNEL_MODULE_TYPE:-auto}
19+
UBUNTU_PRO_TOKEN=${UBUNTU_PRO_TOKEN:-""}
1920

2021
export DEBIAN_FRONTEND=noninteractive
2122

2223
DRIVER_ARCH=${TARGETARCH/amd64/x86_64} && DRIVER_ARCH=${DRIVER_ARCH/arm64/aarch64}
2324

2425
echo "DRIVER_ARCH is $DRIVER_ARCH"
2526

27+
_enable_fips_if_required() {
28+
if [[ -n "${UBUNTU_PRO_TOKEN}" && ${KERNEL_VERSION} =~ "fips" ]]; then
29+
echo "Ubuntu Pro token and FIPS kernel detected"
30+
apt-get -qq install --no-install-recommends ubuntu-advantage-tools > /dev/null
31+
echo "Attaching Ubuntu Pro token..."
32+
pro attach --no-auto-enable "${UBUNTU_PRO_TOKEN}"
33+
echo "Enabling FIPS apt repo access..."
34+
pro enable --access-only --assume-yes fips-updates
35+
fi
36+
}
37+
2638
_update_package_cache() {
2739
if [ "${PACKAGE_TAG:-}" != "builtin" ]; then
2840
echo "Updating the package cache..."
@@ -658,6 +670,7 @@ init() {
658670
if _kernel_requires_package; then
659671
_update_ca_certificates
660672
_update_package_cache
673+
_enable_fips_if_required
661674
_resolve_kernel_version || exit 1
662675
_install_prerequisites
663676
_create_driver_package
@@ -726,6 +739,7 @@ update() {
726739
trap "echo 'Caught signal'; exit 1" HUP INT QUIT PIPE TERM
727740

728741
_update_package_cache
742+
_enable_fips_if_required
729743
_resolve_kernel_version || exit 1
730744
_install_prerequisites
731745
if _kernel_requires_package; then

ubuntu24.04/nvidia-driver

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,17 @@ DRIVER_ARCH=${TARGETARCH/amd64/x86_64} && DRIVER_ARCH=${DRIVER_ARCH/arm64/aarch6
2323

2424
echo "DRIVER_ARCH is $DRIVER_ARCH"
2525

26+
_enable_fips_if_required() {
27+
if [[ -n "${UBUNTU_PRO_TOKEN}" && ${KERNEL_VERSION} =~ "fips" ]]; then
28+
echo "Ubuntu Pro token and FIPS kernel detected"
29+
apt-get -qq install --no-install-recommends ubuntu-advantage-tools > /dev/null
30+
echo "Attaching Ubuntu Pro token..."
31+
pro attach --no-auto-enable "${UBUNTU_PRO_TOKEN}"
32+
echo "Enabling FIPS apt repo access..."
33+
pro enable --access-only --assume-yes fips-updates
34+
fi
35+
}
36+
2637
_update_package_cache() {
2738
if [ "${PACKAGE_TAG:-}" != "builtin" ]; then
2839
echo "Updating the package cache..."
@@ -551,6 +562,7 @@ init() {
551562

552563
_update_ca_certificates
553564
_update_package_cache
565+
_enable_fips_if_required
554566
_resolve_kernel_version || exit 1
555567
_install_prerequisites
556568
_link_ofa_kernel

0 commit comments

Comments
 (0)