Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: Generate New Ti...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Undefined
Fix Version/s: rhel-10.1
Affects Version/s: rhel-10.0
Component/s: lorax-templates-rhel
Labels:
- rn-yml

Fixed in Build:
lorax-templates-rhel-10.1-1.el10
Regression:
No
Severity:
Low

AssignedTeam:
image-builder-1

Internal Target Milestone:
14
Story Points:
None
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
None

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/150012
Test Coverage:

RegressionOnly

Release Note Type:
Enhancement
Release Note Text:

Hide
.New boot menu entry for `fips=1` added to ISO installations

With this update, the DVD and Boot ISO image installations provide a new boot menu entry for setting the `fips=1` kernel boot option. This simplifies the process, as enabling FIPS mode during the RHEL installation ensures that the system generates all keys with FIPS-approved algorithms and continuous monitoring tests in place. By using this boot option, you start the installation with the `fips=1` kernel parameter and you can target the system's compliance with Federal Information Processing Standards (FIPS) 140 requirements.

Show
.New boot menu entry for `fips=1` added to ISO installations With this update, the DVD and Boot ISO image installations provide a new boot menu entry for setting the `fips=1` kernel boot option. This simplifies the process, as enabling FIPS mode during the RHEL installation ensures that the system generates all keys with FIPS-approved algorithms and continuous monitoring tests in place. By using this boot option, you start the installation with the `fips=1` kernel parameter and you can target the system's compliance with Federal Information Processing Standards (FIPS) 140 requirements.
Release Note Status:
Done
ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

In RHEL10 it is no longer possible to switch an installed system to FIPS, it needs to be done during install with fips=1 set on the kernel cmdline when booting the installer from the boot.iso – this is documented, but to make it easier and more visible to users we should add a new boot menu entry to the boot.iso menu.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

rhel10.1-fips.png
7 kB
2025/05/16 5:03 PM

is cloned by

RHEL-104075 [RHEL-10] Add a menu entry to the boot.iso to boot with fips=1

In Progress

RHEL-91930 [RHEL-9] Add a menu entry to the boot.iso to boot with fips=1

Closed

is related to

RHELDOCS-20588 RHEL 9.6 DISA STIG security profile not adding "fips=1" to kernel

Closed

links to

RHBA-2025:150012 lorax-templates-rhel update

Assignee:: Brian Lane

Reporter:: Brian Lane

Developer:: Brian Lane

QA Contact:: Release Test Team

Doc Contact:: Mirek Jahoda

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2025/05/15 5:19 PM

Updated:: 2025/11/11 12:07 PM

Resolved:: 2025/11/11 9:55 AM

Target end:: 2025/06/02

Next Planned Release Date:: 2025/11/11

Release Date:: 2025/11/11

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates