fips-mode-setup man page

fips-mode-setup — Check, enable, or disable the system FIPS mode.

Synopsis

fips-mode-setup [COMMAND]

Description

fips-mode-setup(8) is used to check and control the system FIPS mode.

When enabling the system FIPS mode the command completes the installation of FIPS modules if needed by calling fips-finish-install and changes the system crypto policy to FIPS.

Then the command modifies the boot loader configuration to add fips=1 and boot=<boot-device> options to the kernel command line.

When disabling the system FIPS mode the system crypto policy is switched to DEFAULT and the kernel command line option fips=0 is set.

Options

The following options are available in fips-mode-setup tool.

Files

/proc/sys/crypto/fips_enabled

The kernel FIPS mode flag.

See Also

update-crypto-policies(8), fips-finish-install(8)

Author

Written by Tomáš Mráz.

Referenced By

crypto-policies(7), fips-finish-install(8), update-crypto-policies(8).

09/10/2019