On 20.02.24 12:27, Robert Haas wrote:
I don't think the first two of these proposals help anything. AIUI,
FIPS mode is supposed to be a system wide toggle that affects
everything on the machine. The third one might help if you can be
compliant by just choosing not to install that extension, and the
fourth one solves the problem by sledgehammer.
Does Linux provide some way of asking whether "fips=1" was specified
at kernel boot time?
What you are describing only happens on Red Hat systems, I think. They
have built additional integration around this, which is great. But
that's not something you can rely on being the case on all systems, not
even all Linux systems.