Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 2. Switching RHEL to FIPS mode
To enable the cryptographic module self-checks mandated by the Federal Information Processing Standard (FIPS) 140-2, you must operate RHEL 8 in FIPS mode. Starting the installation in FIPS mode is the recommended method if you aim for FIPS compliance.
2.1. Federal Information Processing Standards 140 and FIPS mode
The Federal Information Processing Standards (FIPS) Publication 140 is a series of computer security standards developed by the National Institute of Standards and Technology (NIST) to ensure the quality of cryptographic modules. The FIPS 140 standard ensures that cryptographic tools implement their algorithms correctly. Runtime cryptographic algorithm and integrity self-tests are some of the mechanisms to ensure a system uses cryptography that meets the requirements of the standard.
RHEL in FIPS mode
To ensure that your RHEL system generates and uses all cryptographic keys only with FIPS-approved algorithms, you must switch RHEL to FIPS mode.
You can enable FIPS mode by using one of the following methods:
- Starting the installation in FIPS mode
- Switching the system into FIPS mode after the installation
If you aim for FIPS compliance, start the installation in FIPS mode. This avoids cryptographic key material regeneration and reevaluation of the compliance of the resulting system associated with converting already deployed systems.
To operate a FIPS-compliant system, create all cryptographic key material in FIPS mode. Furthermore, the cryptographic key material must never leave the FIPS environment unless it is securely wrapped and never unwrapped in non-FIPS environments.
Switching to FIPS mode after the installation
Switching the system to FIPS mode by using the fips-mode-setup
tool does not guarantee compliance with the FIPS 140 standard. Re-generating all cryptographic keys after setting the system to FIPS mode may not be possible. For example, in the case of an existing IdM realm with users' cryptographic keys you cannot re-generate all the keys. If you cannot start the installation in FIPS mode, always enable FIPS mode as the first step after the installation, before you make any post-installation configuration steps or install any workloads.
The fips-mode-setup
tool also uses the FIPS
system-wide cryptographic policy internally. But on top of what the update-crypto-policies --set FIPS
command does, fips-mode-setup
ensures the installation of the FIPS dracut module by using the fips-finish-install
tool, it also adds the fips=1
boot option to the kernel command line and regenerates the initial RAM disk.
Furthermore, enforcement of restrictions required in FIPS mode depends on the content of the /proc/sys/crypto/fips_enabled
file. If the file contains 1
, RHEL core cryptographic components switch to mode, in which they use only FIPS-approved implementations of cryptographic algorithms. If /proc/sys/crypto/fips_enabled
contains 0
, the cryptographic components do not enable their FIPS mode.
FIPS in crypto-policies
The FIPS
system-wide cryptographic policy helps to configure higher-level restrictions. Therefore, communication protocols supporting cryptographic agility do not announce ciphers that the system refuses when selected. For example, the ChaCha20 algorithm is not FIPS-approved, and the FIPS
cryptographic policy ensures that TLS servers and clients do not announce the TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS cipher suite, because any attempt to use such a cipher fails.
If you operate RHEL in FIPS mode and use an application providing its own FIPS-mode-related configuration options, ignore these options and the corresponding application guidance. The system running in FIPS mode and the system-wide cryptographic policies enforce only FIPS-compliant cryptography. For example, the Node.js configuration option --enable-fips
is ignored if the system runs in FIPS mode. If you use the --enable-fips
option on a system not running in FIPS mode, you do not meet the FIPS-140 compliance requirements.
Even though the RHEL 8.6 (and newer) kernel in FIPS mode is designed to be compliant with FIPS 140-3, it is not yet certified by the National Institute of Standards and Technology (NIST) Cryptographic Module Validation Program (CMVP). The latest certified kernel module is the updated RHEL 8.5 kernel after the RHSA-2021:4356 advisory update. That certification applies to the FIPS 140-2 standard. You cannot choose whether a cryptographic module conforms to FIPS 140-2 or 140-3. The FIPS - Federal Information Processing Standards section on the Product compliance Red Hat Customer Portal page provides an overview of the validation status of cryptographic modules for selected RHEL minor releases.
Additional resources
2.2. Installing the system with FIPS mode enabled
To enable the cryptographic module self-checks mandated by the Federal Information Processing Standard (FIPS) 140, enable FIPS mode during the system installation.
Only enabling FIPS mode during the RHEL installation ensures that the system generates all keys with FIPS-approved algorithms and continuous monitoring tests in place.
After you complete the setup of FIPS mode, you cannot switch off FIPS mode without putting the system into an inconsistent state. If your scenario requires this change, the only correct way is a complete re-installation of the system.
Procedure
-
Add the
fips=1
option to the kernel command line during the system installation. - During the software selection stage, do not install any third-party software.
- After the installation, the system starts in FIPS mode automatically.
Verification
After the system starts, check that FIPS mode is enabled:
$ cat /proc/sys/crypto/fips_enabled 1
Additional resources
2.3. Switching the system to FIPS mode
The system-wide cryptographic policies contain a policy level that enables cryptographic algorithms in accordance with the requirements by the Federal Information Processing Standard (FIPS) Publication 140. The fips-mode-setup
tool that enables or disables FIPS mode internally uses the FIPS
system-wide cryptographic policy.
Switching the system to FIPS mode by using the FIPS
system-wide cryptographic policy does not guarantee compliance with the FIPS 140 standard. Re-generating all cryptographic keys after setting the system to FIPS mode may not be possible. For example, in the case of an existing IdM realm with users' cryptographic keys you cannot re-generate all the keys.
Only enabling FIPS mode during the RHEL installation ensures that the system generates all keys with FIPS-approved algorithms and continuous monitoring tests in place.
The fips-mode-setup
tool uses the FIPS
policy internally. But on top of what the update-crypto-policies
command with the --set FIPS
option does, fips-mode-setup
ensures the installation of the FIPS dracut module by using the fips-finish-install
tool, it also adds the fips=1
boot option to the kernel command line and regenerates the initial RAM disk.
After you complete the setup of FIPS mode, you cannot switch off FIPS mode without putting the system into an inconsistent state. If your scenario requires this change, the only correct way is a complete re-installation of the system.
Procedure
To switch the system to FIPS mode:
# fips-mode-setup --enable Kernel initramdisks are being regenerated. This might take some time. Setting system policy to FIPS Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. FIPS mode will be enabled. Please reboot the system for the setting to take effect.
Restart your system to allow the kernel to switch to FIPS mode:
# reboot
Verification
After the restart, you can check the current state of FIPS mode:
# fips-mode-setup --check FIPS mode is enabled.
Additional resources
-
fips-mode-setup(8)
man page on your system - Security Requirements for Cryptographic Modules on the National Institute of Standards and Technology (NIST) web site.
2.4. Enabling FIPS mode in a container
To enable the full set of cryptographic module self-checks mandated by the Federal Information Processing Standard Publication 140-2 (FIPS mode), the host system kernel must be running in FIPS mode. Depending on the version of your host system, enabling FIPS mode on containers either is fully automatic or requires only one command.
The fips-mode-setup
command does not work correctly in containers, and it cannot be used to enable or check FIPS mode in this scenario.
Prerequisites
- The host system must be in FIPS mode.
Procedure
On hosts running RHEL 8.1 and 8.2: Set the FIPS cryptographic policy level in the container using the following command, and ignore the advice to use the
fips-mode-setup
command:$ update-crypto-policies --set FIPS
-
On hosts running RHEL 8.4 and later: On systems with FIPS mode enabled, the
podman
utility automatically enables FIPS mode on supported containers.
Additional resources
2.5. List of RHEL applications using cryptography that is not compliant with FIPS 140-2
To pass all relevant cryptographic certifications, such as FIPS 140, use libraries from the core cryptographic components set. These libraries, except from libgcrypt
, also follow the RHEL system-wide cryptographic policies.
See the RHEL core cryptographic components article for an overview of the core cryptographic components, the information on how are they selected, how are they integrated into the operating system, how do they support hardware security modules and smart cards, and how do cryptographic certifications apply to them.
In addition to the following table, in some RHEL 8 Z-stream releases (for example, 8.1.1), the Firefox browser packages have been updated, and they contain a separate copy of the NSS cryptography library. This way, Red Hat wants to avoid the disruption of rebasing such a low-level component in a patch release. As a result, these Firefox packages do not use a FIPS 140-2-validated module.
List of RHEL 8 applications that use cryptography not compliant with FIPS 140-2
- FreeRADIUS
- The RADIUS protocol uses MD5.
- Ghostscript
- Custom cryptography implementation (MD5, RC4, SHA-2, AES) to encrypt and decrypt documents.
- iPXE
- Cryptographic stack for TLS is compiled in, however, it is unused.
- Libica
- Software fallbacks for various algorithms such as RSA and ECDH through CPACF instructions.
- Ovmf (UEFI firmware), Edk2, shim
- Full cryptographic stack (an embedded copy of the OpenSSL library).
- Perl
- HMAC, HMAC-SHA1, HMAC-MD5, SHA-1, SHA-224,…
- Pidgin
- Implements DES and RC4.
- QAT Engine
- Mixed hardware and software implementation of cryptographic primitives (RSA, EC, DH, AES,…).
- Samba [1]
- Implements AES, DES, and RC4.
- SWTPM
- Explicitly disables FIPS mode in its OpenSSL usage.
- Valgrind
- AES, hashes [2]
- zip
- Custom cryptography implementation (insecure PKWARE encryption algorithm) to encrypt and decrypt archives using a password.
Additional resources
- FIPS 140-2 and FIPS 140-3 section in the Compliance Activities and Government Standards Knowledgebase article
- RHEL core cryptographic components Knowledgebase article