This probably took me entirely too long to figure out, so I figured I'd make a post on it to help anyone else trying to enable FIPS in AWS on CentOS boxes.

If you're trying to get FedRAMP certification this is something you're going to need. FIPS 140-2 validated/compliant encryption is necessary for FedRAMP. If you don't have FIPS 140-2 you will end up with high findings on your SAR (Security Assessment Report) and a no-go for FedRAMP certification.

I followed this guide on how to enable FIPS on CentOS. I came from environments that didn't use "the cloud", so I'm used to LVM mapping a separate partition to /boot, and this is what threw me off.

I would update the kernel command line in /etc/default/grub with the following:

GRUB_CMDLINE_LINUX="console=tty0 crashkernel=auto console=ttyS0,115200 fips=1 boot=/dev/xvda1"

When I restarted the EC2 instance the machine would just fail and not boot. The typical error:

dracut: FATAL: FIPS integrity test failed
dracut: FATAL: You have to specify boot= as a boot option for fips=1

The latter was why I was so adamant about using the "boot=" option on the kernel command line. This was just wrong, since on the AWS image /boot is not a separate partition but a directory on the root filesystem (/dev/xvda1). Pointing boot= at the root device makes dracut mount that device as /boot and look for the kernel HMAC files there, so the integrity test fails. I fixed this by improving my reading comprehension: the guide says boot= is only needed when /boot lives on a separate partition, so the fix was to drop boot=/dev/xvda1 and leave just fips=1.
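Since the whole problem came down to whether /boot is its own partition, here is a small shell script, added as an example and not part of the original post, that derives the correct FIPS kernel arguments from a mount table instead of guessing. It reads /proc/mounts-style text, emits fips=1 alone when /boot is on the root filesystem, and emits fips=1 boot=<device> only when /boot is a separate mount. The mount tables and device names (/dev/xvda1, /dev/sda1, /dev/mapper/centos-root) are constructed sample input; it assumes the BIOS-style layout the post describes (no separate /boot/efi).

```shell
#!/bin/sh
# Added example (not the post's own code): build the FIPS portion of
# GRUB_CMDLINE_LINUX from the mount table, so boot= is only added when
# /boot is really a separate partition. Sample mount tables below are constructed.

# fips_kernel_args MOUNTS_TEXT
#   MOUNTS_TEXT is text in /proc/mounts format: "<source> <target> <fstype> ...".
#   Prints "fips=1" when /boot is just a directory on the root filesystem, and
#   "fips=1 boot=<device>" when /boot is mounted from its own device (the only
#   case in which dracut's fips module needs boot=).
fips_kernel_args() {
    mounts="$1"
    boot_dev=$(printf '%s\n' "$mounts" | awk '$2 == "/boot" { print $1; exit }')
    if [ -n "$boot_dev" ]; then
        printf 'fips=1 boot=%s\n' "$boot_dev"
    else
        printf 'fips=1\n'
    fi
}

# add_fips_to_cmdline CMDLINE MOUNTS_TEXT
#   Takes an existing GRUB_CMDLINE_LINUX value, strips any stale fips=/boot=
#   arguments (such as the boot=/dev/xvda1 from the post), and appends the
#   arguments computed by fips_kernel_args.
add_fips_to_cmdline() {
    cmdline="$1"
    mounts="$2"
    cleaned=$(printf '%s\n' "$cmdline" | tr ' ' '\n' \
        | grep -v -E '^(fips|boot)=' | tr '\n' ' ' | sed 's/ *$//')
    fips_args=$(fips_kernel_args "$mounts")
    if [ -n "$cleaned" ]; then
        printf '%s %s\n' "$cleaned" "$fips_args"
    else
        printf '%s\n' "$fips_args"
    fi
}

# Constructed mount tables for the two layouts discussed in the post.
# AWS CentOS image: a single root filesystem, /boot is a plain directory on it.
MOUNTS_AWS='/dev/xvda1 / xfs rw,relatime,attr2,inode64,noquota 0 0
devtmpfs /dev devtmpfs rw,nosuid 0 0'
# Traditional LVM install: root on an LV, /boot on its own partition.
MOUNTS_SEPARATE_BOOT='/dev/mapper/centos-root / xfs rw,relatime 0 0
/dev/sda1 /boot xfs rw,relatime 0 0'

# The command line from the post, including the boot= argument that broke the boot.
EXISTING_CMDLINE='console=tty0 crashkernel=auto console=ttyS0,115200 fips=1 boot=/dev/xvda1'

echo "AWS (no separate /boot):  GRUB_CMDLINE_LINUX=\"$(add_fips_to_cmdline "$EXISTING_CMDLINE" "$MOUNTS_AWS")\""
echo "Separate /boot partition: GRUB_CMDLINE_LINUX=\"$(add_fips_to_cmdline "$EXISTING_CMDLINE" "$MOUNTS_SEPARATE_BOOT")\""

# On a real host you would feed it the live table, e.g.
#   add_fips_to_cmdline "$current_cmdline" "$(cat /proc/mounts)"
# then write the result into /etc/default/grub, regenerate the config with
#   grub2-mkconfig -o /boot/grub2/grub.cfg
# rebuild the initramfs with the dracut-fips module installed (dracut -f),
# reboot, and confirm with: cat /proc/sys/crypto/fips_enabled   (expect 1)
```

The check that matters is the `$2 == "/boot"` match: if nothing in the mount table is mounted at /boot, the script leaves boot= off entirely, which is exactly the case on the AWS image where the post's boot=/dev/xvda1 caused the "FIPS integrity test failed" error.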