RHEL-102609

fips=1 is not added to the kernel when selecting the DISA STIG security profile during RHEL 9.6 installation


    • Bug
    • Resolution: Can't Do
    • rhel-9.6
    • scap-security-guide
    • Yes
    • Low
    • rhel-security-compliance

      What were you trying to do that didn't work?

      Whether using the installation media or imagebuilder when selecting the DISA STIG security profile during the RHEL 9.6 installation, fips=1 does not get added to the kernel for first boot.

      What is the impact of this issue to you?

      Customers are using the security profile during installation to do their hardening and have always had fips=1 added to the kernel. Now, without notice, it is no longer being added and is leading to security issues for them.

      How reproducible is this bug?: Repeatable.

      Steps to reproduce

      1. Start installation of RHEL 9.6.
      2. Select the "DISA STIG" in the security profile selection.
      3. Continue configuration and installation.
      4. After first boot, check to see if FIPS is enabled and fips=1 is added to the kernel.

      Expected results

      FIPS is completely enabled on first boot.

      Actual results

      FIPS is not enabled in the kernel, so the system is not fully FIPS enabled on first boot.

              vpolasek@redhat.com Vojtech Polasek
              rhn-support-mralph Mike Ralph
              Vojtech Polasek
              SSG Security QE
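
The check in step 4 of the reproduction, as a script. This is an added example, not part of the original report and not Red Hat tooling: it reads the kernel command line, `/proc/sys/crypto/fips_enabled` and the applied crypto policy, and names the resulting state. The function names, state labels and overridable path variables are assumptions made for this example, and it treats the last `fips=` token on the command line as the effective one.

```shell
#!/bin/sh
# Added example: post-install FIPS audit. Paths can be overridden so the
# logic can be exercised against constructed files instead of the live host.
CMDLINE_FILE="${CMDLINE_FILE:-/proc/cmdline}"
FIPS_FLAG_FILE="${FIPS_FLAG_FILE:-/proc/sys/crypto/fips_enabled}"
POLICY_FILE="${POLICY_FILE:-/etc/crypto-policies/state/current}"

# Print the value of the last fips= token on the kernel command line
# (empty if absent). Tokens such as nofips=1 do not match.
fips_cmdline_value() {
    [ -r "$1" ] || return 0
    tr -s ' \t' '\n\n' < "$1" | sed -n 's/^fips=//p' | tail -n 1
}

# Combine the three sources into one state name:
#   enabled      fips=1 booted, kernel flag 1, crypto policy FIPS
#   kernel-only  kernel in FIPS mode, crypto policy is not FIPS
#   policy-only  crypto policy FIPS, kernel not booted with fips=1
#   disabled     none of the three indicate FIPS
#   inconsistent command line and kernel flag disagree
fips_state() {
    arg=$(fips_cmdline_value "$CMDLINE_FILE")
    flag=$(cat "$FIPS_FLAG_FILE" 2>/dev/null || echo 0)
    policy=$(cat "$POLICY_FILE" 2>/dev/null || echo unknown)
    if [ "$arg" = "1" ] && [ "$flag" = "1" ]; then
        case "$policy" in
            FIPS*) echo "enabled" ;;
            *)     echo "kernel-only" ;;
        esac
    elif [ "$arg" != "1" ] && [ "$flag" != "1" ]; then
        case "$policy" in
            FIPS*) echo "policy-only" ;;
            *)     echo "disabled" ;;
        esac
    else
        echo "inconsistent"
    fi
}

fips_state
```

Any result other than `enabled` on a host installed with the DISA STIG profile means the first-boot state needs attention before the system is treated as compliant.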