Use the FIPS self-test to verify the sanity of FIPS software.
For more information on the FIPS self-test, refer to Running FIPS self-test.
Note
During the FIPS self-test, CPU usage is high. Use the fips self-tests command before the device is placed in FIPS operational or administrative modes. Execution of the fips self-tests command in FIPS operational or administrative modes may result in the device rebooting as per the FIPS criteria.

From the Privileged EXEC level of the CLI on the console, use the fips self-tests command to verify that the FIPS Software and Firmware Integrity Test passes.
The following example shows the FIPS Software and Firmware Integrity Test as passed:
device# fips self-tests
WARNING: Issuing of this command may result in your device reloading.
WARNING: Please verify firmware images are installed correctly first.
Are you sure? (enter 'y' or 'n'): y
fips crypto drbg health check tests ran successful.
FIPS Power On Self Tests and KAT tests successful.
Running FIPS Software/Firmware Integrity Test
Verifying MP Image file primary.....Verified OK
FIPS: Image verification passed for primary PASSED
Verifying MP Monitor.....Verified OK
FIPS: Image verification passed for monitor PASSED
Verifying LP Image file lp-primary-.....Verified OK
FIPS: Image verification passed for lp-primary-0 PASSED
Verifying LP Monitor.....Verified OK
FIPS: Image verification passed for lp-monitor-0 PASSED
FIPS Software/Firmware Integrity Test PASSED
Running continuous DRBG check.
Running continuous DRBG check successful.
Pairwise consistency check successful.
FIPS KAT and Conditional Tests... PASSED
If the test fails, make sure that the correct signature file was copied for the correct image file and version, and recopy as needed.
Note
The FIPS self-test must pass before saving the configuration and reloading the device.
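As an added example (not part of the vendor documentation or the device software), this Python script checks a saved capture of the fips self-tests output before the configuration is saved, and fails closed when any expected line is absent. The function name check_self_test and both sample captures are assumptions constructed from the sample output above.

```python
import re

# Lines that must all be present in a passing run (wording from the sample output).
REQUIRED = (
    "fips crypto drbg health check tests ran successful.",
    "FIPS Power On Self Tests and KAT tests successful.",
    "FIPS Software/Firmware Integrity Test PASSED",
    "Running continuous DRBG check successful.",
    "Pairwise consistency check successful.",
    "FIPS KAT and Conditional Tests... PASSED",
)
# One "Verifying <image>.....<result>" step per image. The result is optional so a
# step that did not report "Verified OK" is still seen and counted as a failure.
STEP = re.compile(r"Verifying (.+?)\.{3,}\s*(Verified OK)?")
IMAGE_PASSED = re.compile(r"FIPS: Image verification passed for (\S+)")

def check_self_test(transcript):
    """Return a list of problems; an empty list means the run passed."""
    text = " ".join(transcript.split())  # tolerate wrapped or flattened captures
    problems = ["missing: " + m for m in REQUIRED if m not in text]
    steps = STEP.findall(text)
    if not steps:
        problems.append("no image verification steps found")
    for image, result in steps:
        if result != "Verified OK":
            problems.append("not verified: " + image)
    passed = IMAGE_PASSED.findall(text)
    if len(passed) != len(steps):
        problems.append(f"{len(steps)} images checked, {len(passed)} reported passed")
    return problems

# Constructed samples: a shortened passing capture, and the same capture cut off
# part-way (for example, a session that dropped when the device reloaded).
PASSING = """fips crypto drbg health check tests ran successful.
FIPS Power On Self Tests and KAT tests successful.
Running FIPS Software/Firmware Integrity Test
Verifying MP Image file primary.....Verified OK
FIPS: Image verification passed for primary PASSED
Verifying MP Monitor.....Verified OK
FIPS: Image verification passed for monitor PASSED
FIPS Software/Firmware Integrity Test PASSED
Running continuous DRBG check successful.
Pairwise consistency check successful.
FIPS KAT and Conditional Tests... PASSED
"""
TRUNCATED = PASSING.split("Verifying MP Monitor")[0]

if __name__ == "__main__":
    for name, capture in (("passing", PASSING), ("truncated", TRUNCATED)):
        print(name, check_self_test(capture) or "OK to save configuration")
```

Because the check looks for the presence of every success line, output wording that differs from the sample above is reported as a problem and should be reviewed by hand.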