1. Proposed title of this feature request
FIPS compliance/compatibility with RHEV
2. Who is the customer behind the request?
Government site.
TAM customer: no
SRM customer: no
Strategic: no
Standard RHV but has other Premium Entitlements
3. What is the nature and description of the request?
Site is required to be FIPS compliant with all RHEL STIG systems including those used in RHV.
4. How would the customer like to achieve this? (List the functional requirements here)
There is presently no known documentation specific to RHV if it is or is not presently supported as a function. RHEL has a KCS 176633 which indicates RHEL is provided some changes are made within openssl.
5. Is there already an existing RFE upstream or in Red Hat Bugzilla?
None found
6. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
Yes this is needed ASAP as they are presently out of compliance, this will impact all Government agency's using RHV with RHEL STIG systems
7. List any affected packages or components.
RHV-M/RHV-H/RHEL-H and possible interaction with RHEL STIG guests.
8. Would the customer be able to assist in testing this functionality if implemented?
Most likely.
The process here is basically the same as RHEL.
Boot with "fips=1". (dracut-fips is already included). If done as part of the initial install, Anaconda will keep this karg.
OpenSSH/OpenSSL are outside of the scope of this, but are basically the same as RHEL. Any certificates/keys generated with a non-FIPS-compliant cipher/strength will need to be regenerated.