fips-mode-setup - Man Page

Check or enable the system FIPS mode.

Synopsis

fips-mode-setup [COMMAND]

Description

fips-mode-setup(8) is used to check and control the system FIPS mode.

When enabling the system FIPS mode, the command completes the installation of FIPS modules if needed by calling fips-finish-install and changes the system crypto policy to FIPS (unless the policy has already been set to FIPS plus subpolicies on top, in which case the currently active subpolicies is retained).

Then the command modifies the boot loader configuration to add fips=1 and boot=<boot-device> options to the kernel command line.

When disabling the system FIPS mode the system crypto policy is switched to DEFAULT and the kernel command line option fips=0 is set.

Options

The following options are available in fips-mode-setup tool.

Files

/proc/sys/crypto/fips_enabled

The kernel FIPS mode flag.

See Also

update-crypto-policies(8), fips-finish-install(8)

Author

Written by Tomáš Mráz.

Referenced By

crypto-policies(7), fips-finish-install(8), update-crypto-policies(8).

11/10/2022