Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: Generate New Ti...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-10.1
Affects Version/s: rhel-10.0
Component/s: osbuild
Labels:
- rn-yml

Regression:
No
Severity:
Low

AssignedTeam:
image-builder-1

Story Points:
None
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
None

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/150012
Test Coverage:

RegressionOnly

Release Note Type:
Enhancement
Release Note Text:

Hide
.`image-installer` provides a new boot menu entry for `fips=1`

In this update, the `image-installer` ISO image type provides a new boot menu entry for setting the `fips=1` kernel boot option during installation. This simplifies the process, as in RHEL 10, you cannot switch an installed system to FIPS mode, and you must add `fips=1` to the kernel command line when starting the installation. By setting `fips=1` for the installation, you can target the system's compliance with Federal Information Processing Standards (FIPS) 140 requirements.

Show
.`image-installer` provides a new boot menu entry for `fips=1` In this update, the `image-installer` ISO image type provides a new boot menu entry for setting the `fips=1` kernel boot option during installation. This simplifies the process, as in RHEL 10, you cannot switch an installed system to FIPS mode, and you must add `fips=1` to the kernel command line when starting the installation. By setting `fips=1` for the installation, you can target the system's compliance with Federal Information Processing Standards (FIPS) 140 requirements.
Release Note Status:
Done
ProdDocsReview-CCS:
Done
ProdDocsReview-Dev:
Done
ProdDocsReview-QE:
Unspecified

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

In RHEL10 it is no longer possible to switch an installed system to FIPS, it needs to be done during install with fips=1 set on the kernel cmdline when booting the installer from the boot.iso – this is documented, but to make it easier and more visible to users we should add a new boot menu entry to the boot.iso menu.

This menu entry should also be added for osbuild-composer produced installer isos.

clones

RHEL-91929 [RHEL-10] Add a menu entry to the boot.iso to boot with fips=1

Closed

Assignee:: Brian Lane

Reporter:: Brian Lane

Developer:: Osbuilders Bot Account

QA Contact:: Release Test Team

Doc Contact:: Mirek Jahoda

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2025/07/16 3:58 PM

Updated:: 2025/11/11 8:00 AM

Stale Date:: 2026/10/29

Next Planned Release Date:: 2025/11/11

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates