Disabling Fips Mode; Zeroizing For Fips; Displaying Fips Configuration - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

Example
switch:admin> configure
Not all options will be available on an enabled switch.
To disable the switch, use the "switchDisable" command.
Configure...
System services (yes, y, no, n): [no]
...
cfgload attributes (yes, y, no, n): [no] yes
Enforce secure config Upload/Download (yes, y, no, n): [no]
Enforce firmware signature validation (yes, y, no, n): [no] yes
8. Type the following command to block access to root:
userconfig --change root -e no
By disabling the root account, RADIUS and LDAP users with root roles are also blocked in FIPS mode.
9. Verify your switch is FIPS ready:
fipscfg --verify fips
10. Type the command fipsCfg
1 1. Reboot the switch.

Disabling FIPS mode

1. Log in to the switch using an account assigned the admin or securityAdmin role.
2. Type the command fipsCfg
3. Reboot the switch.
4. Enable the root account by following the bootprom:
userconfig --change root -e yes
5. Enable access to the bootprom:
fipscfg –-enable bootprom
6. Optional: Use the configure command to set switch to use non-signed firmware.
By keeping the switch set to use signed firmware, all firmware downloaded to the switch will have to be
signed with a key. For more information, see
7. Disable selftests by typing the following command:
fipscfg --disable selftests
8. Disable IPFilter policies that were created to enable FIPS.
9. Optional: Configure RADIUS server authentication protocol.
10. Reboot the switch.

Zeroizing for FIPS

1. Log in to the switch using an account assigned the admin or securityAdmin role.
2. Type the command fipsCfg
3. Reboot the switch.

Displaying FIPS configuration

1. Log in to the switch using an account assigned the admin or securityAdmin role.
2. Type the command fipsCfg
142 Configuring advanced security features
enable fips.
--
disable fips.
--
Installing and maintaining
zeroize.
--
showall.
--
firmware, page 165.