FIPS

From DikapediaV2
Revision as of 19:51, 10 April 2025 by Ardika Sulistija

How to check if FIPS is enabled


Check that FIPS mode is enabled:

$ fips-mode-setup --check
FIPS mode is enabled.


Kernel Parameter for enabling FIPS


fips=1


How to disable FIPS


$ fips-mode-setup --check
# fips-mode-setup --disable

Reboot and then check again.


Changing Crypto Policies


Sometimes you may need FIPS to be enabled, but it appears to be blocking or preventing you from doing something (e.g. RDP sessions using xfreerdp, SSH issues, etc.). In such cases it is best to change the crypto policies; that way you can still have FIPS enabled and have further restrictions, as opposed to disabling it.

To update the crypto policies, you can run something like:

$ sudo update-crypto-policies --set FIPS:OSPP
Setting system policy to FIPS:OSPP
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.

or

$ sudo update-crypto-policies --set FIPS:NO-ENFORCE-EMS


Play around with different crypto policies to see what would work for you.

Helpful links: https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#system-wide-crypto-policies_using-the-system-wide-cryptographic-policies


Check Crypto Policies


$ sudo update-crypto-policies --show
FIPS:OSPP
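
The checks on this page can disagree with each other, for example between running fips-mode-setup --disable and the reboot. The script below is an added example, not part of the original page: it cross-checks the fips=1 kernel parameter, the kernel's FIPS flag and the active crypto policy. It assumes the standard Linux files /proc/cmdline and /proc/sys/crypto/fips_enabled; the function names and the file name fips-state.sh are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Function names are hypothetical.

# True if a kernel command line carries fips=1 as a whole parameter
# (does not match e.g. "nofips=1" or "fips=10").
cmdline_has_fips() {
    case " $1 " in
        *" fips=1 "*) return 0 ;;
    esac
    return 1
}

# Classify FIPS state from: kernel cmdline, fips_enabled flag, crypto policy.
fips_state() {
    local cmdline flag policy base mods
    cmdline=$1; flag=$2; policy=$3
    base=${policy%%:*}                                  # FIPS:OSPP -> FIPS
    mods=
    case "$policy" in *:*) mods=${policy#*:} ;; esac    # FIPS:OSPP -> OSPP

    if [ "$flag" != "1" ]; then
        if cmdline_has_fips "$cmdline" || [ "$base" = "FIPS" ]; then
            echo "MISMATCH: kernel not in FIPS mode, cmdline/policy expect it"
        else
            echo "DISABLED"
        fi
    elif [ "$base" != "FIPS" ]; then
        echo "MISMATCH: kernel in FIPS mode, policy is $policy"
    elif [ -n "$mods" ]; then
        echo "ENABLED (subpolicy: $mods)"
    else
        echo "ENABLED"
    fi
}

# Read the three values from the running host.
check_host() {
    fips_state "$(cat /proc/cmdline)" \
               "$(cat /proc/sys/crypto/fips_enabled)" \
               "$(update-crypto-policies --show)"
}

# Run against the live system only when asked: ./fips-state.sh --live
if [ "${1:-}" = "--live" ]; then
    check_host
fi
```

A MISMATCH line means the kernel state and the configured policy disagree, which is the situation to resolve (usually by rebooting) before trusting the output of a single check.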