Provided by: crypto-policies_20190816git-1_all bug


       fips-mode-setup - Check, enable, or disable the system FIPS mode.


       fips-mode-setup [COMMAND]


       fips-mode-setup(8) is used to check and control the system FIPS mode.

       When enabling the system FIPS mode the command completes the installation of FIPS modules
       if needed by calling fips-finish-install and changes the system crypto policy to FIPS.

       Then the command modifies the boot loader configuration to add fips=1 and
       boot=<boot-device> options to the kernel command line.

       When disabling the system FIPS mode the system crypto policy is switched to DEFAULT and
       the kernel command line option fips=0 is set.


       The following options are available in fips-mode-setup tool.

       •   --enable: Enables the system FIPS mode.

       •   --disable: Disables the system FIPS mode.

       •   --check: Checks the system FIPS mode status.

       •   --is-enabled: Checks the system FIPS mode status and returns failure error code if
           disabled (2) or inconsistent (1).

       •   --no-bootcfg: The tool will not attempt to change the boot loader configuration and it
           just prints the options that need to be added to the kernel command line.


           The kernel FIPS mode flag.


       update-crypto-policies(8), fips-finish-install(8)


       Written by Tomáš Mráz.