Set FIPS Mode
Note
This guide only applies to YubiHSM 2 FIPS devices.
Retrieve FIPS Mode Status
To check the mode of operation, use the Get Option command.
$ yubihsm-shell -a get-option --opt-name fips-mode
The return value is either 00 or 01:
01 return code indicates that FIPS approved mode is ON.
00 return code indicates the FIPS approved mode is OFF.
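The status check above can be turned into a fail-closed gate for provisioning or deployment scripts. This is an added example, not code from the YubiHSM documentation. It assumes the option value is the last whitespace-separated token that yubihsm-shell prints, and HSM_CMD is a hypothetical override variable for running the check without a device.

```shell
#!/bin/sh
# Fail-closed FIPS-mode gate (added example, not vendor code).
# HSM_CMD is a hypothetical override; it defaults to the real CLI.
HSM_CMD="${HSM_CMD:-yubihsm-shell}"

# Run the Get Option command from this guide and print the reported value.
# Assumption: the value is the last token of the last non-empty output line.
fips_mode_value() {
    out=$("$HSM_CMD" -a get-option --opt-name fips-mode 2>/dev/null) || return 2
    printf '%s\n' "$out" | awk 'NF { v = $NF } END { print v }'
}

# Exit status: 0 = FIPS approved mode ON, 1 = OFF, 2 = could not determine.
# Only an exact "01" passes; errors and unexpected output never count as ON.
require_fips_mode() {
    value=$(fips_mode_value) || {
        echo "fips-mode query failed" >&2
        return 2
    }
    case "$value" in
        01) return 0 ;;
        00) echo "FIPS approved mode is OFF" >&2
            return 1 ;;
        *)  echo "unexpected fips-mode value: '$value'" >&2
            return 2 ;;
    esac
}
```

Source the file and call require_fips_mode before any key operation that must run in approved mode, treating both non-zero statuses as a stop condition.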
Putting YubiHSM 2 into FIPS Mode
To put the YubiHSM 2 into the FIPS Approved mode of operation:
Use the Set Option command as follows:
$ yubihsm-shell -a put-option --opt-name fips-mode --opt-value 01
Import new Authentication Keys to replace the default values.
Taking YubiHSM 2 out of FIPS Mode
To disable FIPS approved mode on the YubiHSM 2:
Delete all objects on the YubiHSM 2 or do a factory reset.
Use the Set Option command as follows:
$ yubihsm-shell -a put-option --opt-name fips-mode --opt-value 00