FIPS-MODE-SETUP(8) FIPS-MODE-SETUP(8)
NAME
fips-mode-setup - Check or enable the system FIPS mode.
SYNOPSIS
fips-mode-setup [COMMAND]
DESCRIPTION
fips-mode-setup(8) is used to check and control the system FIPS mode.
When enabling the system FIPS mode the command completes the
installation of FIPS modules if needed by calling fips-finish-install
and changes the system crypto policy to FIPS.
Then the command modifies the boot loader configuration to add fips=1
and boot=<boot-device> options to the kernel command line.
When disabling the system FIPS mode the system crypto policy is
switched to DEFAULT and the kernel command line option fips=0 is set.
OPTIONS
The following options are available in the fips-mode-setup tool.
o --enable: Enables the system FIPS mode.
o --disable: Undoes some of the FIPS-enablement steps (unsupported).
o --check: Checks the system FIPS mode status.
o --is-enabled: Checks the system FIPS mode status and returns a
failure error code if it is disabled (2) or inconsistent (1).
o --no-bootcfg: The tool will not reconfigure the boot loader, and,
instead, will print the options that need to be added to the kernel
command line. Exception: it still attempts executing zipl(8) on
s390x, as the system might become unbootable otherwise.
FILES
/proc/sys/crypto/fips_enabled
The kernel FIPS mode flag.
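The following shell function is an added example, not part of fips-mode-setup or its source. It cross-checks the three indicators this page names (the kernel flag, the fips=1 kernel command line option and the FIPS crypto policy) and returns 0, 2 or 1 in the same way as the --is-enabled codes documented above. The function name and the default paths /proc/cmdline and /etc/crypto-policies/state/current are assumptions.

```shell
#!/bin/sh
# Added example (not part of fips-mode-setup): cross-check the FIPS
# indicators named on this page and classify the result.
# Prints enabled|disabled|inconsistent on stdout and returns 0, 2 or 1,
# mirroring the --is-enabled codes. Details go to stderr.
# Default paths are assumptions; pass other files to test offline.
fips_state() {
    flag_file=${1:-/proc/sys/crypto/fips_enabled}          # kernel FIPS flag (FILES)
    cmdline_file=${2:-/proc/cmdline}                       # assumed: running kernel command line
    policy_file=${3:-/etc/crypto-policies/state/current}   # assumed: active policy name

    # Kernel flag: "1" means the running kernel is in FIPS mode.
    flag=$(cat "$flag_file" 2>/dev/null || echo 0)

    # Boot option: split the command line into tokens and keep the value
    # of the last fips=<n> token (empty if the option is absent).
    boot=$(cat "$cmdline_file" 2>/dev/null | tr -s ' \t' '\n\n' |
           sed -n 's/^fips=//p' | tail -n 1)

    # Crypto policy: FIPS, optionally with subpolicies (FIPS:<name>).
    policy=$(head -n 1 "$policy_file" 2>/dev/null || echo unknown)
    case $policy in
        FIPS|FIPS:*) pol=1 ;;
        *)           pol=0 ;;
    esac

    [ "$flag" = 1 ] && k=1 || k=0
    [ "$boot" = 1 ] && b=1 || b=0
    echo "kernel_flag=$k cmdline_fips=$b policy_fips=$pol ($policy)" >&2

    # All three agree on FIPS: enabled. None do: disabled. Anything else
    # (for example --enable was run but the system was not rebooted) is
    # reported as inconsistent.
    case "$k$b$pol" in
        111) echo enabled;      return 0 ;;
        000) echo disabled;     return 2 ;;
        *)   echo inconsistent; return 1 ;;
    esac
}
```

Call fips_state with no arguments to inspect the running system; the stderr line shows which indicator disagrees when the result is inconsistent.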
SEE ALSO
update-crypto-policies(8), fips-finish-install(8)
AUTHOR
Written by Tomáš Mráz.
fips-mode-setup 10/14/2023 FIPS-MODE-SETUP(8)