Enable FIPS on Ubuntu 20.04 with FIPS-Updates Enabled

Tags: 20.04, kernel, ubuntu-advantage

For some reason, https://ubuntu.com/blog/running-fips-140-workloads-on-ubuntu, in the "enable fips" section, instructed to do a "ua enable fips-updates" instead of "ua enable fips", and now my system is not compliant. The reason for this is that the compliance scripts look for a file called fips_enabled inside /proc/sys/crypto with a variable "fips" set equal to 1. Enabling/installing fips will do this for you automatically, but enabling fips-updates does not.

Some things that I have tried:
Setting fips=1 in /etc/default/grub in GRUB_CMDLINE_LINUX_DEFAULT.
Disabling fips-updates, uninstalling ua, reinstalling ua, and then trying to enable fips, but the system detects that fips-updates was previously allowed on the system and therefore fips cannot be enabled.
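The check the question describes (a compliance script reading /proc/sys/crypto/fips_enabled and expecting 1) is easy to reproduce locally before an auditor does. The script below is an added example written for this page; it is not from the original post, from Ubuntu, or from the UA/Pro client. It takes the path to the flag file as an optional argument (assumption: defaults to the real procfs path) so the same function can be exercised against a constructed file, and it separately reports whether fips=1 is present on the kernel command line, since the question notes that setting the boot parameter alone did not make the system compliant.

```shell
#!/bin/sh
# Defender-side FIPS status check (added example, not part of the original page).
# Reports what a compliance script would see in /proc/sys/crypto/fips_enabled
# and, separately, whether fips=1 is on the kernel command line.

# fips_mode_status [path]
# Prints "enabled", "disabled", "absent" or "unknown:<value>" and returns
# 0, 1, 2 or 3 respectively. Path defaults to the real procfs flag file.
fips_mode_status() {
  path="${1:-/proc/sys/crypto/fips_enabled}"
  if [ ! -r "$path" ]; then
    echo "absent"
    return 2
  fi
  value=$(tr -d '[:space:]' < "$path")
  case "$value" in
    1) echo "enabled";  return 0 ;;
    0) echo "disabled"; return 1 ;;
    *) echo "unknown:$value"; return 3 ;;
  esac
}

# cmdline_has_fips "<kernel command line>"
# Returns 0 when the exact token fips=1 appears on the command line.
cmdline_has_fips() {
  case " $1 " in
    *" fips=1 "*) return 0 ;;
    *) return 1 ;;
  esac
}

# report_fips_status: human-readable summary of both signals on this host.
report_fips_status() {
  printf 'fips_enabled flag: %s\n' "$(fips_mode_status)"
  if [ -r /proc/cmdline ]; then
    if cmdline_has_fips "$(cat /proc/cmdline)"; then
      echo "kernel cmdline has fips=1: yes"
    else
      echo "kernel cmdline has fips=1: no"
    fi
  else
    echo "kernel cmdline: not readable"
  fi
  echo "note: compliance scripts key on the flag file, not on the cmdline alone"
}

report_fips_status || :
```

Run it on the host in question: a system that only received fips=1 in GRUB will typically show the command-line signal as "yes" while the flag file, which is what the compliance scripts actually read, tells the real story.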

Best Answer

When enabling FIPS with the UA client, fips is FIPS Certified, and fips-updates is FIPS Compliant.

Alas, once you go from fips to fips-updates you can't go backwards to fips again. It's a one-way journey.

The distinction between FIPS Certified and FIPS Compliant is that fips-updates has the benefit of security patching, and even supports live kernel patching through Livepatch.

If you need to audit your fleet to determine what FIPS configuration has been applied where, you can audit UA Client FIPS configurations at scale with Landscape.
