How to enable FIPS

To use FIPS, you can launch one of the existing Ubuntu premium support images, which already have the FIPS kernel and security pre-enabled on first boot: AWS Ubuntu Pro FIPS images, Azure Pro FIPS images and GCP Pro FIPS images.

Alternatively, you can enable FIPS using the Ubuntu Pro Client, which will install a FIPS-certified kernel and core security-related packages such as openssh-server/client and libssl.

Danger

Disabling FIPS is not currently supported: only use it on machines intended expressly for this purpose.

Danger

Enabling FIPS should be performed during a system maintenance window because this operation makes changes to underlying SSL-related libraries and requires a reboot into the FIPS-certified kernel.

Important

Once you enable FIPS, enabling some Pro services will not be possible. For a better view of which services are incompatible with FIPS, please look at the services compatibility matrix.

To enable FIPS, run:

$ sudo pro enable fips

You should see output like the following, indicating that the FIPS packages have been installed:

Installing FIPS packages
FIPS enabled
A reboot is required to complete install.
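
Because enablement only completes after the reboot into the FIPS-certified kernel, it is worth checking the state of the host afterwards. The script below is an added example, not part of the Ubuntu Pro documentation: it reads the kernel's FIPS flag at /proc/sys/crypto/fips_enabled and compares it with the running kernel release. The `fips_state` function name, the assumption that the FIPS kernel's release string contains "fips", and the use of /var/run/reboot-required as the pending-reboot marker are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a host's FIPS enablement state.
# fips_state [FLAG_FILE] [KERNEL_RELEASE] [REBOOT_FLAG]
# Prints one of: active | mismatch | pending-reboot | inactive
# The arguments default to the live system; passing them explicitly lets the
# check run against constructed files.
fips_state() {
    flag_file=${1:-/proc/sys/crypto/fips_enabled}  # kernel FIPS mode flag
    release=${2:-$(uname -r)}                      # running kernel release
    reboot_flag=${3:-/var/run/reboot-required}     # Ubuntu reboot marker

    # A missing or unreadable flag file is treated as "FIPS mode off".
    flag=0
    if [ -r "$flag_file" ]; then
        flag=$(tr -d '[:space:]' < "$flag_file")
    fi

    # Assumption: the FIPS-certified kernel's release string contains "fips".
    case $release in
        *fips*) fips_kernel=yes ;;
        *)      fips_kernel=no ;;
    esac

    if [ "$flag" = 1 ] && [ "$fips_kernel" = yes ]; then
        echo active
    elif [ "$flag" = 1 ]; then
        echo mismatch        # FIPS mode is on, but not in the FIPS kernel
    elif [ -e "$reboot_flag" ]; then
        echo pending-reboot  # assumption: packages installed, reboot outstanding
    else
        echo inactive
    fi
}

# Check the live host only when invoked as: sh script.sh check
if [ "${1:-}" = check ]; then
    state=$(fips_state)
    echo "FIPS state: $state"
    [ "$state" = active ]   # exit non-zero unless FIPS is fully active
fi
```

Run with the `check` argument, the script exits non-zero for any state other than `active`, so it can serve as a post-maintenance gate.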