1FIPS-MODE-SETUP(8)                                          FIPS-MODE-SETUP(8)
2
3
4

NAME

6       fips-mode-setup - Check, enable, or disable the system FIPS mode.
7

SYNOPSIS

9       fips-mode-setup [COMMAND]
10

DESCRIPTION

12       fips-mode-setup(8) is used to check and control the system FIPS mode.
13
14       When enabling the system FIPS mode the command completes the
15       installation of FIPS modules if needed by calling fips-finish-install
16       and changes the system crypto policy to FIPS.
17
18       Then the command modifies the boot loader configuration to add fips=1
19       and boot=<boot-device> options to the kernel command line.
20
21       When disabling the system FIPS mode the system crypto policy is
22       switched to DEFAULT and the kernel command line option fips=0 is set.
23

OPTIONS

25       The following options are available in fips-mode-setup tool.
26
27       ·   --enable: Enables the system FIPS mode.
28
29       ·   --disable: Disables the system FIPS mode.
30
31       ·   --check: Checks the system FIPS mode status.
32
33       ·   --is-enabled: Checks the system FIPS mode status and returns
34           failure error code if disabled (2) or inconsistent (1).
35
36       ·   --no-bootcfg: The tool will not attempt to change the boot loader
37           configuration and it just prints the options that need to be added
38           to the kernel command line.
39

FILES

41       /proc/sys/crypto/fips_enabled
42           The kernel FIPS mode flag.
43

SEE ALSO

45       update-crypto-policies(8), fips-finish-install(8)
46

AUTHOR

48       Written by Tomáš Mráz.
49
50
51
52fips-mode-setup                   09/23/2020                FIPS-MODE-SETUP(8)
Impressum