Oracle® SuperCluster M8 and SuperCluster M7 Security Guide

Updated: June 2020
 
 

(If Required) Enable FIPS-140 Compliant Operation (Oracle ILOM)

The use of FIPS 140 validated cryptography is required for U.S. Federal Government customers.

By default, Oracle ILOM does not operate using FIPS 140 validated cryptography. However, the use of FIPS 140 validated cryptography can be enabled, if required.

Some Oracle ILOM features and capabilities are not available when configured for FIPS 140 compliant operation. A list of those features is covered in the Oracle ILOM Security Guide in the section titled "Unsupported Features When FIPS Mode Is Enabled" (see Additional Oracle ILOM Resources).

Also see FIPS-140-2 Level 1 Compliance.


Caution - This task requires you to reset Oracle ILOM. A reset results in the loss of all user-configured settings. For this reason, you must enable FIPS 140 compliant operation before any additional site-specific changes are made to Oracle ILOM. For systems where site-specific configuration changes have already been made, back up the Oracle ILOM configuration so that it can be restored after Oracle ILOM is reset. Otherwise, those configuration changes will be lost.


  1. On the management network, log into Oracle ILOM.

    See Log in to the Oracle ILOM CLI.

  2. Determine if the Oracle ILOM is configured for FIPS 140 compliant operation.
    -> show /SP/services/fips state status
    /SP/services/fips
    Properties:
    state = enabled
    status = enabled
    

    FIPS 140 compliant mode in Oracle ILOM is represented by the state and status properties. The state property represents the configured mode in Oracle ILOM, and the status property represents the operational mode in Oracle ILOM. When the state property is changed, the operational mode (the status property) does not change until the next Oracle ILOM reboot.

  3. Enable FIPS 140 compliant operation.
    -> set /SP/services/fips state=enabled
    
  4. Restart the Oracle ILOM service processor.

    The Oracle ILOM SP must be restarted for this change to take effect.

    -> reset /SP
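
The state/status distinction from step 2 can be checked across several service processors by parsing saved output of the show command. The following is an added example, not Oracle code: the host names, the finding labels, and the sample captures showing a value of disabled are constructed for illustration.

```python
import re

# Matches lines such as "state = enabled" in `show /SP/services/fips state status` output.
_PROP = re.compile(r"^\s*(state|status)\s*=\s*(\S+)\s*$", re.MULTILINE)

def parse_fips(output):
    """Return {'state': ..., 'status': ...} from captured ILOM CLI output."""
    props = {k: v.lower() for k, v in _PROP.findall(output)}
    missing = {"state", "status"} - props.keys()
    if missing:
        raise ValueError("missing FIPS properties: " + ", ".join(sorted(missing)))
    return props

def classify(output):
    """Map configured mode (state) and operational mode (status) to a finding."""
    p = parse_fips(output)
    state, status = p["state"], p["status"]
    if state == "enabled" and status == "enabled":
        return "compliant"
    if state == "enabled" and status == "disabled":
        return "pending-reset"      # configured, but not active until the SP is reset
    if state == "disabled" and status == "enabled":
        return "disable-pending"    # FIPS mode ends at the next SP reset
    if state == "disabled" and status == "disabled":
        return "not-enabled"
    return "unknown"                # unexpected value: review by hand

# Constructed sample captures keyed by hypothetical SP host names.
SAMPLES = {
    "sp-a.example": "/SP/services/fips\nProperties:\nstate = enabled\nstatus = enabled\n",
    "sp-b.example": "/SP/services/fips\nProperties:\nstate = enabled\nstatus = disabled\n",
    "sp-c.example": "/SP/services/fips\nProperties:\nstate = disabled\nstatus = disabled\n",
    "sp-d.example": "/SP/services/fips\nProperties:\nstate = disabled\nstatus = enabled\n",
}

def audit(captures):
    """Classify every capture; anything other than 'compliant' needs follow-up."""
    return {host: classify(text) for host, text in captures.items()}

if __name__ == "__main__":
    for host, finding in audit(SAMPLES).items():
        print(f"{host}: {finding}")
```

A pending-reset finding means step 3 was completed but step 4 was not, so the SP is still operating outside FIPS 140 compliant mode.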