fips-mode-setup(8) - Check, enable, or disable the system FIPS mode.

hoodedvul

FIPS-MODE-SETUP(8)                                          FIPS-MODE-SETUP(8)

NAME
       fips-mode-setup - Check, enable, or disable the system FIPS mode.

SYNOPSIS
       fips-mode-setup [COMMAND]

DESCRIPTION
       fips-mode-setup(8) is used to check and control the system FIPS mode.

       When enabling the system FIPS mode the command completes the
       installation of FIPS modules if needed by calling fips-finish-install
       and changes the system crypto policy to FIPS.

       Then the command modifies the boot loader configuration to add fips=1
       and boot=<boot-device> options to the kernel command line.

       When disabling the system FIPS mode the system crypto policy is
       switched to DEFAULT and the kernel command line option fips=0 is set.

OPTIONS
       The following options are available in fips-mode-setup tool.

       ·   --enable: Enables the system FIPS mode.

       ·   --disable: Disables the system FIPS mode.

       ·   --check: Checks the system FIPS mode status.

       ·   --is-enabled: Checks the system FIPS mode status and returns
           failure error code if disabled (2) or incosistent (1).

       ·   --no-bootcfg: The tool will not attempt to change the boot loader
           configuration and it just prints the options that need to be added
           to the kernel command line.

FILES
       /proc/sys/crypto/fips_enabled
           The kernel FIPS mode flag.

SEE ALSO
       update-crypto-policies(8), fips-finish-install(8)

AUTHOR
       Written by Tomáš Mráz.

fips-mode-setup                   08/07/2019                FIPS-MODE-SETUP(8)