Oracle^® ILOM Administrator's Guide for Configuration and Maintenance Firmware Release 3.2.x

Modify FIPS Mode

Before You Begin

• Prior to modifying the FIPS mode in Oracle ILOM, you should review FIPS Compliance Mode Effect on ILOM Configuration Properties and Unsupported Features When FIPS Mode Is Enabled.

• The Admin (a) role in Oracle ILOM is required to configure the FIPS State property in the CLI and web interface.

• After modifying the FIPS State property, an Oracle ILOM reboot is required to change the FIPS operational mode on the system and to update the FIPS Status property in the CLI and web interface.

The FIPS mode in Oracle ILOM is represented by the State and Status properties. The State property reflects the FIPS configured mode in Oracle ILOM, and the Status property reflects the FIPS operational mode of the system. By default, the FIPS State and Status properties in Oracle ILOM are disabled. To modify the FIPS State and Status properties in Oracle ILOM, follow these steps:

1. Navigate to the Oracle ILOM FIPS web page or the FIPS CLI target:
   • For web, click ILOM Administration > Management Access > FIPS.
   • For CLI, type cd /SP/services/fips

     (or from a CMM, type: cd /Servers/Blades/BLn/SP/services/fips)

2. Configure the FIPS State property as described in Figure 44, Table 44, Federal Information Processing Standards (FIBS 140-2) Configuration Properties.

   The FIPS operational change on the system will not take affect until the next Oracle ILOM boot. To determine the FIPS operational mode that is currently running on your system, view the Status property on the Management Access > FIPS web page, or view it under the FIPS CLI target (show /SP/services/fips). For further details, see the Status descriptions in Figure 44, Table 44, Federal Information Processing Standards (FIBS 140-2) Configuration Properties.

3. Reset the SP from the Oracle ILOM CLI or web interface, for instance:
   • For web, click ILOM Administration > Maintenance > Reset.

     If necessary, click the More Details link on the Reset page for instructions on how to reset the SP.

   • For CLI, type reset /SP

     (or from CMM, type reset /Servers/Blades/BLn/SP ).

   Upon resetting Oracle ILOM, the following events will occur:

   • The last configured state for FIPS mode is applied on the system.

   • A power-on self-test automatically is performed to ensure that Oracle ILOM and other system components are functional. When FIPS mode is enabled, cryptographic algorithm tests are run on all system cryptographic functions to ensure FIPS 140-2 compliance.

   • Upon a successful power-on self-test, the ILOM configuration properties are automatically reset to their default values.

   • The FIPS Status property is automatically updated on the FIPS web page and under the FIPS CLI target (show /SP/services/fips).

   • When FIPS mode is enabled and running on the system, a FIPS shield icon appears in the masthead area of the Oracle ILOM web browser window. Otherwise, if FIPS mode is disabled on the system, a FIPS shield icon will not appear in the masthead area of the Oracle ILOM web browser window.