Last active
October 7, 2021 03:50
-
-
Save bburky/68a5deae01d37e533954cd7e871da654 to your computer and use it in GitHub Desktop.
FIPS enabled Fedora 34 Lima VM configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # FIPS enabled Fedora 34 Lima VM configuration | |
| # Based based on https://github.com/lima-vm/lima/blob/master/examples/fedora.yaml | |
| # Create the VM and restart the VM after initial creation to finish FIPS mode setup: | |
| # limactl start --tty=false default.yaml && limactl stop default && limactl start default | |
| # Test FIPS: | |
| # lima fips-mode-setup --check | |
| # Use it: | |
| # lima nerdctl run --rm -it busybox | |
| arch: "x86_64" | |
| images: | |
| - location: "https://download.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-Base-34-1.2.x86_64.qcow2" | |
| arch: "x86_64" | |
| digest: "sha256:b9b621b26725ba95442d9a56cbaa054784e0779a9522ec6eafff07c6e6f717ea" | |
| mounts: | |
| - location: "~" | |
| writable: false | |
| - location: "/tmp/lima" | |
| writable: true | |
| ssh: | |
| # localPort is changed from 60022 to avoid conflicting with the default. | |
| # (TODO: assign localPort automatically) | |
| localPort: 60024 | |
| firmware: | |
| legacyBIOS: true | |
| provision: | |
| # `system` is executed with the root privilege | |
| - mode: system | |
| script: | | |
| #!/bin/bash | |
| set -eux -o pipefail | |
| fips-mode-setup --enable |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment