Security and hardening tasks

Enabling FIPS mode

FIPS (Federal Information Processing Standards) includes standards for cryptographic operations, and FIPS mode can be configured as required.

First, you must add the configuration from fips to your container build.

If you are using bootc-image-builder or bootc install to-disk, there are currently no further steps required for system installation; however, see the Anaconda section below.

Usage with Anaconda

When performing an Anaconda installation, you must additionally set fips=1 on the kernel command line for the installation environment.

This is necessary because the Anaconda installer may itself perform cryptographic operations such as setting up LUKS encrypted volumes.
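
One way to confirm that fips=1 reached the kernel and that the kernel reports FIPS mode as active, for use on the installed system or from a shell in the environment being checked. This is an added example, not part of the original documentation: the function names are hypothetical, /proc/sys/crypto/fips_enabled is the kernel's standard status file, and treating the last fips= token as the effective one is an assumption.

```shell
#!/bin/sh
# Added example: verify that FIPS mode was requested at boot and is active.
# File paths are parameters so the check can also run against saved copies
# of /proc/cmdline and /proc/sys/crypto/fips_enabled.

# Print the value of the last fips= token on a kernel command line
# (prints nothing if the token is absent).
# Assumption: when fips= appears more than once, the last one is effective.
fips_cmdline_value() {
    tr -s ' \t' '\n' < "$1" | sed -n 's/^fips=//p' | tail -n 1
}

# Return 0 only if fips=1 is on the command line AND the kernel reports
# FIPS mode enabled; otherwise report what was found and return 1.
fips_check() {
    cmdline_file="${1:-/proc/cmdline}"
    enabled_file="${2:-/proc/sys/crypto/fips_enabled}"

    requested=$(fips_cmdline_value "$cmdline_file")

    if [ -r "$enabled_file" ]; then
        active=$(tr -d '[:space:]' < "$enabled_file")
    else
        # Status file not present or not readable at the given path.
        active="missing"
    fi

    if [ "$requested" = "1" ] && [ "$active" = "1" ]; then
        echo "OK: fips=1 on kernel command line, fips_enabled=1"
        return 0
    fi

    echo "FAIL: fips on command line='${requested:-unset}', fips_enabled=$active" >&2
    return 1
}
```

Source the file and call fips_check with no arguments to inspect the running system; a FAIL in an Anaconda installation environment means fips=1 was not passed to the installer's kernel.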