docs/cosa/run.md: document how to test FIPS mode

jlebon · jlebon · commit d49273c6778a · 2024-07-05T15:19:05.000-04:00
This question came up in an internal chat.
diff --git a/docs/cosa/run.md b/docs/cosa/run.md
@@ -109,6 +109,23 @@ $ cosa run --kargs 'foo bar'
 foo bar
 ```
 
+### FIPS mode
+
+For example, to test FIPS mode:
+
+```
+$ cosa run --kargs 'fips=1 boot=LABEL=boot'
+...
+[core@cosa-devsh ~]$ grep -o 'fips' /proc/cmdline
+fips
+[root@cosa-devsh ~]# update-crypto-policies --show
+FIPS
+[root@cosa-devsh ~]# fips-mode-setup --check
+FIPS mode is enabled.
+[root@cosa-devsh ~]# cat /proc/sys/crypto/fips_enabled
+1
+```
+
 ## Simulating a CoreOS install
 
 With `--qemu-iso` and `--add-disk`, it's possible to run through the interactive
