Dell POWEREDGE M1000E User Manual

Fabric OS Command Reference

375

53-1002746-01

fipsCfg

2

--zeroize [-nowarn]

Erases all passwords, shared secrets, private keys, etc. in the system.

--show | --showall

Displays the current FIPS configuration.

--force fips

This option enables FIPS mode even if prerequisites are not met, except under
the following two conditions:

•

In a dual-CP system if HA is not in sync between the two CPs.

•

If selftests is in a disabled state.

--verify fips

Scans the prerequisites for enabling FIPS and print the failure/success cases.

--disable | --enable bootprom [-nowarn]

Disables or enables the Boot Programmable Read-Only Memory (Boot PROM) on
the switch. Boot PROM access is blocked in FIPS mode. Disabling Boot PROM
requires root permission. Enabling Boot PROM does not require root permission.

EXAMPLES

To display the current FIPS configuration:

switch:admin> fipscfg --show
FIPS mode is : Disabled
FIPS Selftests mode/status is : Disabled/None

To enable selftests:

switch admin> fipscfg --enable selftests
You are enabling selftests.
Do you want to continue? (yes, y, no, n) [no] : yes
FIPS Selftests mode/status has been set to : Enabled/None

To verify FIPS prerequisites:

switch:admin> fipscfg --verify fips
Standby firmware supports FIPS
SELF tests check has passed
Root account is enabled.
Radius check has passed

Authentication check has passed
SNMP is in read only mode.
Bootprom access is disabled.
Firmwaredownload signature verification is enabled.
cfgload.secure parameter value is 1.

To enable FIPS after prerequisites have been met:

switch:admin> fipscfg --enable fips
You are enabling FIPS.
Do you want to continue? (yes, y, no, n) [no] : yes
FIPS mode has been set to : Enabled
Please reboot the system

switch:admin> fipscfg --show
FIPS mode is : Enabled