Brocade Communications Systems Brocade 8/12c Command Reference Manual page 386

22
fipsCfg
--zeroize [-nowarn]
--show | --showall
--force fips
--verify fips
--disable | --enable bootprom [-nowarn]
EXAMPLES
To display the current FIPS configuration:
To enable selftests:
To verify FIPS prerequisites:
To enable FIPS after prerequisites have been met:
352
Erases all passwords, shared secrets, private keys, etc. in the system.
Displays the current FIPS configuration.
This option enables FIPS mode even if prerequisites are not met, except under
the following two conditions:
•
In a dual-CP system if HA is not in sync between the two CPs.
•
If selftests is in a disabled state.
Scans the prerequisites for enabling FIPS and print the failure/success cases.
Disables or enables the Boot Programmable Read-Only Memory (Boot PROM) on
the switch. Boot PROM access is blocked in FIPS mode. Disabling Boot PROM
requires root permission. Enabling Boot PROM does not require root permission.
switch:admin> fipscfg --show
FIPS mode is : Disabled
FIPS Selftests mode/status is :
switch admin> fipscfg --enable selftests
You are enabling selftests.
Do you want to continue? (yes, y, no, n) [no] : yes
FIPS Selftests mode/status has been set to :
switch:admin> fipscfg --verify fips
Standby firmware supports FIPS
SELF tests check has passed
Root account is enabled.
Radius check has passed
Authentication check has passed
SNMP is in read only mode.
Bootprom access is disabled.
Firmwaredownload signature verification is enabled.
cfgload.secure parameter value is 1.
switch:admin> fipscfg --enable fips
You are enabling FIPS.
Do you want to continue? (yes, y, no, n) [no] : yes
FIPS mode has been set to : Enabled
Please reboot the system
switch:admin> fipscfg --show
FIPS mode is : Enabled
Disabled/None
Enabled/None
Fabric OS Command Reference
53-1001764-01