fips-mode-setup(8) - Check, enable, or disable the system FIPS mode.
-
FIPS-MODE-SETUP(8) FIPS-MODE-SETUP(8) NAME fips-mode-setup - Check, enable, or disable the system FIPS mode. SYNOPSIS fips-mode-setup [COMMAND] DESCRIPTION fips-mode-setup(8) is used to check and control the system FIPS mode. When enabling the system FIPS mode the command completes the installation of FIPS modules if needed by calling fips-finish-install and changes the system crypto policy to FIPS. Then the command modifies the boot loader configuration to add fips=1 and boot=<boot-device> options to the kernel command line. When disabling the system FIPS mode the system crypto policy is switched to DEFAULT and the kernel command line option fips=0 is set. OPTIONS The following options are available in fips-mode-setup tool. · --enable: Enables the system FIPS mode. · --disable: Disables the system FIPS mode. · --check: Checks the system FIPS mode status. · --is-enabled: Checks the system FIPS mode status and returns failure error code if disabled (2) or incosistent (1). · --no-bootcfg: The tool will not attempt to change the boot loader configuration and it just prints the options that need to be added to the kernel command line. FILES /proc/sys/crypto/fips_enabled The kernel FIPS mode flag. SEE ALSO update-crypto-policies(8), fips-finish-install(8) AUTHOR Written by Tomáš Mráz. fips-mode-setup 08/07/2019 FIPS-MODE-SETUP(8)
© Lightnetics 2024