:::: MENU ::::

Monthly Archives / February 2021

  • Feb 10 / 2021
  • Comments Off on Disable FIPS mode on CentOS 7

Disable FIPS mode on CentOS 7

FIPS (Federal Information Processing Standard) can be enabled (by default or not) on linux kernels to enable the FIPS kernel cryptographic features.
But in some case, this can also lead to some issues with openssl, or any cryptographic tool that you can use within any code.

You can check if FIPS is enabled with that command:

# cat /proc/sys/crypto/fips_enabled

If you need to turn this feature off, you will have to first remove any dracut-fips package that you have installed:

# yum -y remove dracut-fips* 

Then, take a backup of the FIPS initramfs and recreate a new file:

# cp -p /boot/initramfs-$(uname -r).img /opt/initramfs-$(uname -r).backup
# dracut -f 

Once the file creation is complete, update your GRUB configuration to disable fips flag and rebuild grub configuration

# perl -pi -e 's/fips=1/fips=0/g' /etc/default/grub 
# grub2-mkconfig -o /boot/grub2/grub.cfg
# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

Now, reboot the server and if you check FIPS status again, it should return a value of 0 indicating that FIPS is disabled:

# cat /proc/sys/crypto/fips_enabled
Question ? Contact