mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
30 lines
1.5 KiB
Plaintext
30 lines
1.5 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * microshift_install_get_ready/microshift-fips.adoc
|
|
|
|
:_mod-docs-content-type: CONCEPT
|
|
[id="microshift-fips-rpm-system_{context}"]
|
|
= FIPS mode with {op-system-base} RPM-based installations
|
|
|
|
Using FIPS with {microshift-short} requires enabling the cryptographic module self-checks in your {op-system-base-full} installation. After the host operating system has been configured to start with the FIPS modules, {microshift-short} containers are automatically enabled to run in FIPS mode.
|
|
|
|
* When {op-system-base} is started in FIPS mode, {microshift-short} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 validation on only the x86_64 architectures.
|
|
|
|
* You must enable FIPS mode when you install {op-system-base} {op-system-version-major} on the machines that you plan to use as worker machines.
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
Because FIPS must be enabled before the operating system that your node uses starts for the first time, you cannot enable FIPS after you deploy a node.
|
|
====
|
|
|
|
* {microshift-short} uses a FIPS-compatible Golang compiler.
|
|
|
|
* FIPS is supported in the CRI-O container runtime.
|
|
|
|
[id="microshift-fips-limitations_{context}"]
|
|
== Limitations
|
|
|
|
* TLS implementation FIPS support is not complete.
|
|
|
|
* The FIPS implementation does not offer a single function that both computes hash functions and validates the keys that are based on that hash. This limitation continues to be evaluated for improvement in future {microshift-short} releases.
|