Description of problem: Vintage RHEV-H supports enabling FIPS mode by default; filing this RFE to ensure that RHEV-H NEXT also supports FIPS mode. The specific customers (typically government related) using FIPS are important. The current RHEV-H NG build (rhev-hypervisor7-ng-3.6-20160518.0) at least does not include the dracut-fips package, so FIPS cannot be enabled in NGN by default.
Fabian - beyond the missing package, what is needed?
It's unclear. We need to investigate what the recommended procedure is on RHEL; then we can see what is needed on NGN. Let me note that, afaik, FIPS has not been working on vintage RHEV-H for a while now.
We need simply "dracut-fips" and a kernel argument: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/chap-Federal_Standards_and_Regulations.html
I would suggest that we include dracut-fips, and allow users to enable fips themselves, if desired.
Test version:
redhat-virtualization-host-4.0-20160708.0
imgbased-0.7.2-0.1.el7ev.noarch
redhat-release-virtualization-host-4.0-0.13.el7.x86_64
cockpit-0.108-1.el7.x86_64

# rpm -qa | grep fips
dracut-fips-033-360.el7_2.1.x86_64
fipscheck-lib-1.4.1-5.el7.x86_64
fipscheck-1.4.1-5.el7.x86_64

RHVH includes the FIPS packages now, so the bug is fixed; changing bug status to VERIFIED.
To safely verify this bug, we also need to check RHVH installation when FIPS is enabled. Moving back to ON_QA.
(In reply to Ying Cui from comment #6)
> To safely verify this bug, we also need to check RHVH installation when FIPS is
> enabled. Moving back to ON_QA.

Updating with some test scenarios for fips=1:
1. Append fips=1 cmd.
2. Anaconda install RHVH.
3. Login RHVH with root.
4. Login RHVH with nonroot.
5. Check grub.cfg.

Test result:
1. Anaconda interactive install RHVH - pass
2. Login RHVH with root - pass
3. Login RHVH with nonroot - pass
4. fips=1 appears in grub.cfg

So the bug is fixed; changing bug status to VERIFIED.
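The "Check grub.cfg" step above can be scripted; the following is an added example, not part of the bug report or of RHVH tooling. It goes one step beyond the thread by also reading /proc/cmdline and /proc/sys/crypto/fips_enabled, since an argument in grub.cfg only shows what the next boot will request, not what the running kernel reports. Function names and the sample grub.cfg are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): check that fips=1 is really set.

# Succeeds only if fips=1 is a whole token ("nofips=1" and "fips=10" do not count).
has_fips_arg() {
    case " $1 " in
        *" fips=1 "*) return 0 ;;
    esac
    return 1
}

# Print how many kernel lines (linux, linux16, linuxefi) in a grub.cfg
# lack fips=1. 0 means every boot entry carries the argument.
count_entries_without_fips() {
    awk '
        $1 ~ /^linux(16|efi)?$/ {
            ok = 0
            for (i = 2; i <= NF; i++) if ($i == "fips=1") ok = 1
            if (!ok) missing++
        }
        END { print missing + 0 }
    ' "$1"
}

# Print enabled/disabled/unknown for the running kernel.
# The two paths are parameters so the check can be exercised on sample files.
fips_runtime_state() {
    cmdline_file=${1:-/proc/cmdline}
    flag_file=${2:-/proc/sys/crypto/fips_enabled}
    [ -r "$cmdline_file" ] && [ -r "$flag_file" ] || { echo unknown; return 0; }
    if has_fips_arg "$(cat "$cmdline_file")" && [ "$(cat "$flag_file")" = "1" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Constructed sample grub.cfg: entry B must be counted as missing fips=1.
sample_grub_cfg() {
    cat <<'EOF'
menuentry 'constructed entry A' {
    linux16 /vmlinuz-A root=/dev/mapper/vg-root ro fips=1 quiet
}
menuentry 'constructed entry B' {
    linux16 /vmlinuz-B root=/dev/mapper/vg-root ro nofips=1 fips=10
}
EOF
}

echo "running kernel FIPS state: $(fips_runtime_state)"
```

On a host, pass the installed grub.cfg path to `count_entries_without_fips`; a non-zero count means at least one boot entry would start without the argument.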