From: "Richard W.M. Jones" <rjones(a)redhat.com&gt; --- src/launch-direct.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/launch-direct.c b/src/launch-direct.c index f06bb23..58e4b1a 100644 --- a/src/launch-direct.c +++ b/src/launch-direct.c @@ -328,6 +328,13 @@ launch_direct (guestfs_h *g, void *datav, const char *arg) ADD_CMDLINE (VIRTIO_BLK ".scsi=off"); } + /* This oddly named option doesn't actually enable FIPS. It just + * causes qemu to do the right thing if FIPS is enabled in the + * kernel. So like libvirt, we pass it unconditionally. + */ + if (qemu_supports (g, data, "-enable-fips")) + ADD_CMDLINE ("-enable-fips"); + if (qemu_supports (g, data, "-nodefconfig")) ADD_CMDLINE ("-nodefconfig"); -- 1.8.3.1