.. hsm2-fips-support-guide.rst

.. _hsm2-fips-support-guide-label:

=========================
FIPS Mode Support Guide
=========================

.. Note::
  This guide only applies to YubiHSM 2 FIPS devices.

Putting YubiHSM 2 into FIPS Mode
================================

To configure the YubiHSM 2 into the FIPS Approved mode of operation:

:Step 1:	Use the ``Set Option`` service as follows: 4f000405000101 or

   .. code-block:: bash

     put option 0 fips-mode 01

:Step 2:	Import new Authentication Keys to replace the default values.

Validating the Mode
=====================

To check the mode of operation, use the ``Get Option`` service.

.. code-block:: bash

   get option 0 fips-mode

where-

 * 	``01`` return code indicates the Approved mode.

 * 	``00`` return code indicates the non-Approved mode.

Taking it out of FIPS Mode
============================

To configure the YubiHSM 2 into the non-Approved mode of operation.

:Step 1:	Delete all objects on the YubiHSM 2.

:Step 2:	Use the ``Set Option`` service as follows: 4f000405000100 or

   .. code-block:: bash

     put option 0 fips-mode 00