Configuring FIPS Mode in Oracle Linux 10

FIPS mode can be configured during the initial installation of Oracle Linux 10, as described in the following sections.

Installing Oracle Linux 10 in FIPS Mode

Add fips=1 to the kernel command line during system installation to automatically configure a new Oracle Linux 10 system to run in FIPS mode from the first boot.

The main benefit of setting FIPS mode during the installation stage is that Oracle Linux 10 enforces the use of strong cryptographic algorithms that are used to secure application data.

To verify that FIPS mode is enabled, run the following command after Oracle Linux 10 has been installed:

cat /proc/sys/crypto/fips_enabled

If the value returned is 1, then FIPS mode is enabled on the system.

Note:

FIPS mode can't be enabled or disabled on existing Oracle Linux 10 installations. The fips-mode-setup tool has been deprecated and removed. To disable FIPS mode, reinstall Oracle Linux 10 without FIPS mode enabled.