How to enable FIPS mode on RHEL system at the time of installation ?

Solution Verified - Updated 10 Oct 2025

Environment

Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Enterprise Linux 10

Issue

Is there any way to perform FIPS compliant during RHEL installation?
Can I enable FIPS on my RHEL system at the beginning of installation?

Resolution

The Federal Information Processing Standard (FIPS) Publication 140-2, is a computer security standard, developed by a U.S. Government and industry working group to validate the quality of cryptographic module. The FIPS 140-2 standard ensures that cryptographic tools implement their algorithms properly.
Ideally, when aiming for FIPS compliance, new machines should be installed from scratch with the installer booted using the fips=1 kernel argument. With this option, all keys' generations are done with FIPS-approved algorithms and continuous monitoring tests in place. After the installation, the system is configured to boot into FIPS mode automatically.

For RHEL 9 and earlier:

Step 1: At the start of installation highlight the "Install Red Hat Enterprise Linux" menu. Press the tab key to change configuration options.
Step 2: Add fips=1 parameter to the end of current line and press "Enter" to proceed with installation. ![alt text] (https://access.redhat.com/sites/default/files/images/2025-10-10-170245_639x480_scrot.png)

For RHEL 10:

Step 1: At the start of installation highlight the "Install Red Hat Enterprise Linux" menu. Press 'e' to edit the boot options.
Step 2: Navigate to the end of "linux" entry, and after the "quiet" directive add "fips=1". Press F10 or Ctrl-x to proceed with installation. ![alt text] (https://access.redhat.com/sites/default/files/images/2025-10-10-164757_720x469_scrot-2.png)

See also : Follow How can I make RHEL 6/7/8 FIPS 140-2 compliant? if you have escaped to enable FIPS mode during installation time and now you want to make it enable after installation of Red Hat Enterprise Linux 6/7/8 .

Diagnostic Steps

Lets verify whether FIPS mode is enable or not after installation using any of the below command

# cat /proc/sys/crypto/fips_enabled
1

OR

# sysctl crypto.fips_enabled
crypto.fips_enabled = 1

SBR

Shells

Product(s)

Red Hat Enterprise Linux

Components

Category

Secure

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.