FIPS-MODE-SETUP(8) | FIPS-MODE-SETUP(8) |
NAME
fips-mode-setup - Check or enable the system FIPS mode.
SYNOPSIS
fips-mode-setup [COMMAND]
DESCRIPTION
fips-mode-setup(8) is used to check and control the system FIPS mode.
When enabling the system FIPS mode, the command completes the installation of FIPS modules if needed by calling fips-finish-install, and changes the system crypto policy to FIPS.
Then the command modifies the boot loader configuration to add fips=1 and boot=<boot-device> options to the kernel command line.
When disabling the system FIPS mode, the system crypto policy is switched to DEFAULT and the kernel command line option fips=0 is set.
OPTIONS
The following options are available in the fips-mode-setup tool.
• --enable: Enables the system FIPS mode.
• --disable: Undoes some of the FIPS-enablement steps (unsupported).
• --check: Checks the system FIPS mode status.
• --is-enabled: Checks the system FIPS mode status and returns a failure error code if it is disabled (2) or inconsistent (1).
• --no-bootcfg: The tool will not reconfigure the boot loader and will instead print the options that need to be added to the kernel command line. Exception: it still attempts to execute zipl(8) on s390x, as the system might otherwise become unbootable.
FILES
/proc/sys/crypto/fips_enabled
The kernel FIPS mode flag.
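The following audit helper is an added example, not part of the original manual page or of the tool itself. It combines the documented --is-enabled exit codes with the kernel flag file and the fips=1 boot option. The function names are hypothetical, /proc/cmdline is the standard Linux location of the running kernel's command line, and requiring all three signals to agree is this example's own policy.

```shell
#!/bin/sh
# Added example: audit helper built on the documented --is-enabled exit codes
# and the kernel flag file. File paths are parameters so the logic can be
# exercised against constructed files.

# Map the exit status of `fips-mode-setup --is-enabled` to a state name.
fips_rc_to_state() {
    case "$1" in
        0) echo enabled ;;
        2) echo disabled ;;
        1) echo inconsistent ;;
        *) echo unknown ;;   # e.g. 127 when the tool is not installed
    esac
}

# Print the kernel FIPS flag (1 or 0), or "missing" if the file is unreadable.
fips_kernel_flag() {
    file=${1:-/proc/sys/crypto/fips_enabled}
    if [ -r "$file" ]; then
        tr -d '[:space:]' < "$file"
    else
        echo missing
    fi
}

# Succeed only if the kernel command line carries fips=1 as a whole option.
fips_cmdline_set() {
    file=${1:-/proc/cmdline}
    [ -r "$file" ] || return 1
    grep -Eq '(^|[[:space:]])fips=1([[:space:]]|$)' "$file"
}

# Combine the three signals; prints "ok" only when all agree FIPS mode is on.
# Args: <exit status of --is-enabled> [flag file] [cmdline file]
# (Assumption of this example: any disagreement is reported as a failure.)
fips_audit() {
    state=$(fips_rc_to_state "$1")
    flag=$(fips_kernel_flag "$2")
    if fips_cmdline_set "$3"; then boot=1; else boot=0; fi
    if [ "$state" = enabled ] && [ "$flag" = 1 ] && [ "$boot" = 1 ]; then
        echo "ok"
    else
        echo "fail state=$state kernel_flag=$flag cmdline_fips=$boot"
    fi
}

# Typical call on a live host:
#   rc=0; fips-mode-setup --is-enabled || rc=$?; fips_audit "$rc"
```

A result such as `fail state=enabled kernel_flag=0 cmdline_fips=1` shows which of the three signals disagrees, which a bare exit code does not.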
SEE ALSO
AUTHOR
Written by Tomáš Mráz.
09/29/2023 | fips-mode-setup |