>> Wrt FIPS, it is technicall straight forward to boot a VM into fips >> mode, just never done it. > > > It is not, because you cannot trivially tell libvirt/virsh to add > "fips=1" to the command line AFAIK.
I was thinking more of - to pick up on another suggestion, just clone FIPS and non FIPS vms and flip between them - or, intercede in the boot process adding fips=1; its about as tedious as the pexpect sequence used to log into the domain - or even just halt at the grub prompt and then issue the correct boot command _______________________________________________ Swan-dev mailing list Swan-dev@lists.libreswan.org https://lists.libreswan.org/mailman/listinfo/swan-dev