Bug
Resolution: Unresolved
rhel-9.5, rhel-10.0
rhel-sst-image-builder
ssg_front_door
We've documented how to set up FIPS; it currently looks like this: https://docs.fedoraproject.org/en-US/bootc/security-and-hardening/#_enabling_fips_mode
As the docs say, fips=1 needs to be set on the generated ISO kernel command line.
It would really help if we looked at the target image, noticed it had FIPS, and set it on the anaconda boot loader command line. However, that's currently a bit ugly, as other tools getting into the business of parsing the bootc kernel argument configuration would be suboptimal.
This of course intersects with https://github.com/rhinstaller/anaconda/discussions/5888 in that it'd basically be fixed automatically.
Though I do think there'd be some corner cases where we want config only on the target environment, but in any case I think it'd be a more understandable default.