Enabling libica for FIPS mode

To use libica in FIPS mode, both the library itself and the Linux™ kernel must be enabled for FIPS. That is, the FIPS-enabled libica library can run in FIPS mode when the kernel FIPS flag is set.

Enabling the Linux kernel for FIPS mode

A prerequisite for actually running the FIPS-enabled libica in FIPS mode is that the FIPS flag is set in the running Linux kernel, which must be configured for FIPS.

For all distributions, you need to enable the kernel FIPS mode at runtime by setting the kernel FIPS flag. To set this flag in /proc/sys/crypto/fips_enabled, boot or reboot with the kernel parameter fips=1.

For more information about setting and checking the kernel FIPS flag, refer to Device Drivers, Features, and Commands, SC33-8411. Or, for more distribution-specific information, refer to the publications provided by the specific distributor.

For systems with a Red Hat Enterprise Linux 8.3 distribution, you can use the fips-mode-setup command to enable FIPS:

fips-mode-setup --enable
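
To confirm after the reboot that the flag took effect, the following shell function (an added example, not part of the original documentation) reads the flag file and checks the boot parameters for fips=1. The function name, the state names, and the return codes are assumptions of this example; the two optional path arguments exist only so that it can be run against sample files.

```shell
#!/bin/sh
# Added example: report the kernel FIPS state.
# $1: flag file (default /proc/sys/crypto/fips_enabled)
# $2: kernel command line file (default /proc/cmdline)
# Prints one state name; returns 0 only when the flag is set.
kernel_fips_state() {
    kfs_flag_file=${1:-/proc/sys/crypto/fips_enabled}
    kfs_cmdline_file=${2:-/proc/cmdline}
    kfs_flag=""
    kfs_cmdline=""

    # Without the flag file there is nothing to evaluate.
    if [ ! -r "$kfs_flag_file" ]; then
        echo "no-flag-file"
        return 2
    fi
    IFS= read -r kfs_flag < "$kfs_flag_file" || true

    # Look for fips=1 as a whole parameter, so that values such as
    # fips=10 or a parameter merely ending in fips=1 do not match.
    kfs_requested=no
    if [ -r "$kfs_cmdline_file" ]; then
        IFS= read -r kfs_cmdline < "$kfs_cmdline_file" || true
        case " $kfs_cmdline " in
            *" fips=1 "*) kfs_requested=yes ;;
        esac
    fi

    case "$kfs_flag:$kfs_requested" in
        1:*)   echo "enabled"; return 0 ;;
        # fips=1 was passed at boot, but the flag is not set.
        0:yes) echo "requested-but-off"; return 1 ;;
        0:no)  echo "disabled"; return 1 ;;
        *)     echo "unknown"; return 2 ;;
    esac
}
```

Called without arguments, kernel_fips_state evaluates the running system.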

Enabling the libica library for FIPS mode

If you are using libica from a distribution, ensure that FIPS mode is supported, because a distribution may provide libica packages (RPM or DEB) either with or without FIPS support.

If you want to install libica from the source package, as described in Installing libica from the source package, then refer to the INSTALL file for information on how to install, configure, and build the libica library. You can then enable the FIPS mode at compile time by running the configure script with the --enable-fips option:

# ./configure --enable-fips
# make
# make install
# make fipsinstall