Enabling FIPS using Ubuntu Advantage installs a FIPS-certified kernel as well as a number of cryptographic packages and pins those packages to ensure the system remains FIPS-compliant.
FIPS can be disabled on the system using ubuntu-advantage-tools version 26.0 or later with the following commands:
sudo ua disable fips
sudo reboot
This will disable FIPS compliance on the machine by unsetting GRUB configuration which will deactivate “FIPS mode” for related cryptographic modules. It will not remove the FIPS kernel.
In some cloud images, AWS and Azure, the machine will continue to boot into the linux-aws-fips
or linux-azure-fips
kernel respectively because the kernel version is higher than the default linux-azure
or linux-aws
kernel in those images.
If desired, the inactive cloud-optimized FIPS kernel can be removed:
- Confirm that your cloud-optimized kernel
linux-aws
orlinux-azure
is installed and bootable on that system - Remove the cloud-optimized fips kernel on the machine and reboot
CLOUD_OPTIMIZED_FIPS=`dpkg-query -W -f='${Package}\n'| egrep (linux-azure-fips|linux-aws-fips)`
sudo apt-get remove $CLOUD_OPTIMIZED_FIPS
sudo reboot