Encryption and FIPS compliance

The FIPS1402mode configuration variable controls whether crypto-based security mechanisms, where the GPFS™ administrator has chosen to use them at all, are provided by software modules certified according to the requirements and standards described in the Federal Information Processing Standards (FIPS) 140 Publication Series. In FIPS 140-2 mode, GPFS uses the following FIPS 140-2 approved cryptographic providers for cryptography: IBMJCEFIPS (certificate 376) and/or IBMJSSEFIPS (certificate 409) and/or IBM® Crypto for C (ICC) (certificate 384). The certificates are listed on the NIST website.

The value of FIPS1402mode can be changed with the mmchconfig command. The default value is no. With FIPS1402mode=no, Linux nodes use kernel encryption modules for direct I/O. If a cluster is configured with FIPS1402mode=yes, Linux nodes whose kernels are not running in FIPS mode will see a performance degradation when using direct I/O. The GPFS daemon on the node must be restarted for the new setting to take effect.
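
The following check is an added example, not IBM code: it flags a Linux node where GPFS is set to FIPS1402mode=yes but the kernel is not in FIPS mode, the combination described above as degrading direct I/O. It assumes that `mmlsconfig FIPS1402mode` prints a line of the form "FIPS1402mode <value>" and that the kernel reports its FIPS state in /proc/sys/crypto/fips_enabled; the function names and status words are hypothetical.

```shell
#!/bin/sh
# Added example (not IBM code): compare the GPFS FIPS1402mode setting with
# the kernel FIPS flag on a Linux node.

# Extract yes/no from text in the assumed form "FIPS1402mode <value>".
# Anything other than "yes" maps to the documented default, "no".
gpfs_fips_mode() {
    printf '%s\n' "$1" | awk '
        $1 == "FIPS1402mode" { v = tolower($2) }
        END { if (v == "yes") print "yes"; else print "no" }'
}

# Kernel FIPS flag: 1 if the given file (default: the /proc entry) holds 1.
kernel_fips_flag() {
    f=${1:-/proc/sys/crypto/fips_enabled}
    if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then echo 1; else echo 0; fi
}

# classify_node <gpfs yes|no> <kernel 0|1> -> one status word
classify_node() {
    case "$1:$2" in
        yes:1) echo OK ;;                  # GPFS and kernel both in FIPS mode
        yes:*) echo DEGRADED_DIRECT_IO ;;  # kernel not in FIPS mode
        *)     echo FIPS_OFF ;;            # FIPS1402mode=no (the default)
    esac
}

if command -v mmlsconfig >/dev/null 2>&1; then
    cfg=$(mmlsconfig FIPS1402mode 2>/dev/null)
else
    cfg="FIPS1402mode yes"   # constructed sample for hosts without GPFS
fi
mode=$(gpfs_fips_mode "$cfg")
flag=$(kernel_fips_flag)
echo "FIPS1402mode=$mode kernel_fips=$flag status=$(classify_node "$mode" "$flag")"
```

A DEGRADED_DIRECT_IO result means either the kernel should be put into FIPS mode or the direct I/O performance cost accepted; after any mmchconfig change, the GPFS daemon on the node still needs a restart before the new value applies.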