HP-UX Kernel Cryptographic Module 2.1 User Guide (766149-002, April 2014)
Configuring HP-UX KCM to enable FIPS mode
By default, HP-UX KCM is in Non-FIPS mode. To enable FIPS mode, follow the steps mentioned
below:
1. To verify that KCM-FIPS product is installed, run the following command:
#swlist -l product | grep -i kcm
Expected Output:
KCM A.02.01.00 HP-UX Kernel Cryptographic Module (Non-FIPS and PKCS11)
KCM-FIPS A.01.00.00 HP-UX Kernel Cryptographic Module
If KCM-FIPS is not installed, install it from HP-UX KCM 2.1 depot.
2. To enable FIPS mode, run the following command:
/opt/kcm/kcm-config.sh fips
Expected Output:
FIPS mode enabled for HPUX-KCM
3. If kcm-config reports an error as follows, then unload the module which is using HP-UX
KCM ( for example, EVFS ) and then re-run the script shown in Step 2.
Expected Output:
HPUX-KCM is in loaded state. Please make sure that products
dependent on KCM ( for eg., EVFS ) are unloaded first
Configuring HP-UX KCM to enable Non-FIPS mode
1. To enable Non-FIPS mode, run the following command:
/opt/kcm/kcm-config.sh nonfips
Expected Output:
Non-FIPS mode enabled for HPUX-KCM
2. If kcm-config reports an error as follows, then unload the module which is using HP-UX
KCM ( for example, EVFS ) and then re-run the script shown in Step 1.
Expected Output:
HPUX-KCM is in loaded state. Please make sure that products
dependent on KCM ( for eg., EVFS ) are unloaded first.
Verifying FIPS status of HP-UX KCM
To verify the FIPS status of HP-UX KCM, run the following command:
/opt/kcm/kcm-config.sh status
Expected Output:
HPUX-KCM is in FIPS mode
or
HPUX-KCM is in Non-FIPS mode
12 Configuring HP-UX KCM