Hello,
i just installed rocky 8.6 on a Raspberry pi4, with the image downloaded from the website.
[root@fipsTEST fips]# cat /etc/os-release
NAME="Rocky Linux"
VERSION="8.6 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.6"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.6 (Green Obsidian)"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
ROCKY_SUPPORT_PRODUCT="Rocky Linux"
ROCKY_SUPPORT_PRODUCT_VERSION="8"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8"
I need to activate FIPS mode.
I executed the command fips-mode-setup --enable, and everything seems ok.
[root@fipsTEST fips]# fips-mode-setup --enable
Setting system policy to FIPS
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
The grubby command is missing, please configure the bootloader manually.
FIPS mode will be enabled.
Now you need to configure the bootloader to add kernel options "fips=1 boot=UUID=6A67-933C"
and reboot the system for the setting to take effect.
I added fips=1 in the cmdline.txt file in the boot partition, and it seems that the parameters are correctly passed to the kernel.
[root@fipsTEST fips]# cat /proc/cmdline
coherent_pool=1M 8250.nr_uarts=0 snd_bcm2835.enable_compat_alsa=0 snd_bcm2835.enable_hdmi=1 bcm2708_fb.fbwidth=0 bcm2708_fb.fbheight=0 bcm2708_fb.fbswap=1 smsc95xx.macaddr=DC:A6:32:40:40:86 vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000 console=ttyAMA0,115200 console=tty1 root=PARTUUID=0ed6aa64-03 rootfstype=ext4 elevator=deadline rootwait fips=1 boot=UUID=6A67-933C
But if i run the command fips-mode-setup --check, i get the following:
[root@fipsTEST fips]# fips-mode-setup --check
cat: /proc/sys/crypto/fips_enabled: No such file or directory
FIPS mode is .
Am I skipping any steps?
Thank you