diskimage-builder/diskimage_builder/elements/fips/README.rst
Julia Kreger c217956079 Add a FIPS element
Adds an element whose purpose is to set the stage
in the resulting image so that a user can generate an
image utilizing DIB which can be used in a FIPS
configuration without doing so with the input image
or after the fact.

Change-Id: Ia8a45584a56f6e06856fc2920c333351935dcd9d
2023-03-21 13:07:02 +00:00


====
fips
====

This image element attempts to set up the image so that it boots and operates
in what is often referred to as "FIPS mode", where cryptography policies
and algorithms are restricted to those which are FIPS approved and
certified. In this context, FIPS is an abbreviation for
Federal Information Processing Standard, specifically publication number
140. You can learn more about FIPS policies at
https://csrc.nist.gov/publications/fips

This element is a best-effort element, and additional software or elements
processed after it may impact the work of this element.

It is **generally** regarded as critical to enable FIPS as early as possible,
because cryptography policy can be applied but may not be fully enforced
unless the kernel is also operating in FIPS mode.

If you intend to use this element to generate production FIPS images,
it is highly recommended that you do so on a host which already has FIPS
enabled.
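
One way to check the build host before generating an image, as an added example that is not part of diskimage-builder. It assumes a Linux host, reads the kernel's ``/proc/sys/crypto/fips_enabled`` flag and, where the distribution ships crypto-policies, ``/etc/crypto-policies/state/current``; the function names and the optional root argument are hypothetical.

```shell
#!/bin/sh
# Added example, not part of diskimage-builder.
# The optional ROOT argument is a testing convenience (assumption); with no
# argument the live host is inspected.

# Print the host's FIPS state:
#   enforced     the kernel is running in FIPS mode
#   policy-only  crypto policy is FIPS but the kernel is not in FIPS mode
#   disabled     neither
fips_state() {
    root="${1:-}"
    kernel_flag="$root/proc/sys/crypto/fips_enabled"
    policy_file="$root/etc/crypto-policies/state/current"

    kernel=0
    if [ -r "$kernel_flag" ] && [ "$(cat "$kernel_flag")" = "1" ]; then
        kernel=1
    fi

    policy=""
    if [ -r "$policy_file" ]; then
        policy="$(cat "$policy_file")"
    fi

    if [ "$kernel" = "1" ]; then
        echo enforced
        return 0
    fi
    case "$policy" in
        FIPS|FIPS:*) echo policy-only ;;
        *)           echo disabled ;;
    esac
}

# Succeed only when the kernel itself is in FIPS mode.
require_fips_build_host() {
    state="$(fips_state "${1:-}")"
    if [ "$state" != "enforced" ]; then
        echo "build host FIPS state is '$state'; kernel FIPS mode is not active" >&2
        return 1
    fi
}

echo "FIPS state of this host: $(fips_state)"
```

A ``policy-only`` result corresponds to the case described above, where cryptography policy is applied but the kernel is not operating in FIPS mode.
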

Additionally, not all distributions are explicitly supported. Unsupported
distributions will fail with an error, providing appropriate guidance if
available.