How to enable FIPS in an upgraded DSM9 Environment

Article ID: 409478


Products

VMware Data Services Manager

Issue/Introduction

After upgrading from DSM 2.2.1 or 2.2.2 to DSM 9.0, FIPS compliance is not automatically activated.

This article provides the steps to install the missing package and enable FIPS.

Environment

Data Services Manager 9.0 (upgraded) 

Install openssl-fips-provider version 3.0.8

Resolution

Prerequisite:

Verify that you have root access to the Provider Appliance

Procedure:

1. SSH to the DSM Provider 

 
ssh root@<your_DSM_FQDN>

2. Install the missing package by executing the following command:

 
tdnf install -y /mnt/iso-contents/package-pool/openssl-fips-provider-3.0.8-6.ph5.x86_64.rpm

 

3. Enabling FIPS requires editing the GRUB configuration file. Use the following command to open the file:

root@photon [ ~ ]# vi /boot/grub2/grub.cfg

 

4. Locate the following line and add 'fips=1' at the end of it:

 
linux /$photon_linux audit=1 root=$rootpartition $photon_cmdline scsi_mod.scan=sync $systemd_cmdline

Here is how the file should look after editing. DO NOT REPLACE THE FILE WITH THE CONTENT BELOW! IT COULD BREAK THE DSM PROVIDER!! Only add 'fips=1' at the end of the line above.
 
root@photon [ ~ ]# vi /boot/grub2/grub.cfg

insmod part_gpt

set gfxmode="640x480"
gfxpayload=keep

terminal_output gfxterm

set theme=/grub2/themes/photon/theme.txt
load_env -f /photon.cfg
if [ -f /systemd.cfg ]; then
    load_env -f /systemd.cfg
else
    set systemd_cmdline=net.ifnames=0
fi
set rootpartition=/dev/vg_root_0/lv_root_0

menuentry "Photon" {
    linux /$photon_linux audit=1 root=$rootpartition $photon_cmdline scsi_mod.scan=sync $systemd_cmdline fips=1
    if [ -f /$photon_initrd ]; then
        initrd /$photon_initrd
    fi
}
# End /boot/grub2/grub.cfg

 

5. Reboot the DSM Appliance.

 

6. Confirm FIPS is enabled by executing the following command:

 
cat /proc/sys/crypto/fips_enabled

 

This command should return "1" to indicate that FIPS is enabled.
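
The edit in steps 3 and 4 can also be scripted so that only the kernel line is touched. The following is an added example, not part of the original article or of DSM: the function name add_fips_param and the backup suffix .pre-fips are hypothetical, and it assumes sed, diff and mktemp are available on the appliance.

```shell
#!/bin/sh
# Added example, not part of the KB article. Appends fips=1 to the kernel line
# from step 4 without rewriting anything else in grub.cfg.
# Usage (as root on the Provider Appliance): add_fips_param /boot/grub2/grub.cfg
add_fips_param() {
    cfg=$1
    # Matches the line shown in step 4: "linux /$photon_linux ..."
    kline='^[[:space:]]*linux[[:space:]]\{1,\}/\$photon_linux'

    [ -f "$cfg" ] || { echo "not a file: $cfg" >&2; return 1; }

    # Refuse to guess if the file has zero or several such lines.
    count=$(grep -c "$kline" "$cfg" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 kernel line, found $count" >&2; return 1; }

    # Inspect the existing kernel parameters as whole words.
    line=$(grep "$kline" "$cfg" | tr '\t' ' ')
    case " $line " in
        *" fips=1 "*) echo "fips=1 already present, nothing to do"; return 0 ;;
        *" fips="*)   echo "conflicting fips= value, edit manually" >&2; return 1 ;;
    esac

    # Keep a copy of the original next to it (suffix is an assumption).
    cp -p "$cfg" "$cfg.pre-fips" || return 1

    tmp=$(mktemp) || return 1
    sed "\\#$kline# s/[[:space:]]*\$/ fips=1/" "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Sanity check before touching the live file: exactly one line changed.
    changed=$(diff "$cfg" "$tmp" | grep -c '^>' || true)
    if [ "$changed" -ne 1 ]; then
        echo "unexpected diff ($changed lines), leaving $cfg untouched" >&2
        rm -f "$tmp"; return 1
    fi

    # Write in place so the owner and mode of grub.cfg are preserved.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}
```

The reboot in step 5 is still required afterwards, and step 6 remains the check that FIPS mode is active.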